CVE-2025-8865 - YugabyteDB YCQL DoS Denial of Service
CVE ID : CVE-2025-8865
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 23 minutes ago
Description : The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8865
Published : Aug. 11, 2025, 3:15 p.m. | 3 hours, 23 minutes ago
Description : The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38499 - Linux Kernel Clone Private Mnt userns Privilege Escalation Vulnerability
CVE ID : CVE-2025-38499
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38499
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 23 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45146 - ModelCache for LLM Deserialization Vulnerability
CVE ID : CVE-2025-45146
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 23 minutes ago
Description : ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45146
Published : Aug. 11, 2025, 4:15 p.m. | 2 hours, 23 minutes ago
Description : ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8866 - YugabyteDB Anywhere Authentication Bypass
CVE ID : CVE-2025-8866
Published : Aug. 11, 2025, 5:15 p.m. | 1 hour, 23 minutes ago
Description : YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8866
Published : Aug. 11, 2025, 5:15 p.m. | 1 hour, 23 minutes ago
Description : YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25231 - VMware Workspace ONE UEM Path Traversal Information Disclosure
CVE ID : CVE-2025-25231
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25231
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53187 - ABB ASPECT Code Injection Vulnerability
CVE ID : CVE-2025-53187
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53187
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54063 - Cherry Studio Custom URL Handler Remote Code Execution Vulnerability
CVE ID : CVE-2025-54063
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app’s custom URL handler is triggered, leading to remote code execution on the victim’s machine. This issue has been patched in version 1.5.1.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54063
Published : Aug. 11, 2025, 6:15 p.m. | 23 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app’s custom URL handler is triggered, leading to remote code execution on the victim’s machine. This issue has been patched in version 1.5.1.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51823 - Libcsp Buffer Overflow Vulnerability
CVE ID : CVE-2025-51823
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51823
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51824 - Zephyr libcsp Buffer Overflow
CVE ID : CVE-2025-51824
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51824
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52931 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-52931
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52931
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53188 - ABB Aspect Unprotected Credentials
CVE ID : CVE-2025-53188
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53188
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53189 - ABB Aspect Authorization Bypass Through User-Controlled Key Vulnerability
CVE ID : CVE-2025-53189
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53189
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53190 - ABB Aspect Authentication Bypass
CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53191 - ABB Aspect Missing Authentication for Critical Function Vulnerability
CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53514 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53857 - Mattermost Confluence Plugin Information Disclosure Vulnerability
CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53910 - Mattermost Confluence Plugin Authentication Bypass
CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54458 - Mattermost Confluence Plugin Unauthorized Subscription Creation Vulnerability
CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54463 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54478 - Mattermost Confluence Plugin Authentication Bypass
CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54525 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...