Latest CVE Feed
-
9.8
CRITICALCVE-2025-43243
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to modify protected parts of the file system.... Read more
Affected Products : macos- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-43224
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or ... Read more
- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-43223
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged ... Read more
- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-43222
A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination.... Read more
- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-54528
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow... Read more
Affected Products : teamcity- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2025-54529
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration... Read more
Affected Products : teamcity- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-0651
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Rese... Read more
Affected Products : warp- Published: Jan. 22, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2020-3122
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.... Read more
Affected Products : secure_email_and_web_manager asyncos content_security_management_appliance secure_email_and_web_manager_m170 secure_email_and_web_manager_m190 secure_email_and_web_manager_m195 secure_email_and_web_manager_m380 secure_email_and_web_manager_m390 secure_email_and_web_manager_m390x secure_email_and_web_manager_m395 +4 more products- Published: Mar. 04, 2025
- Modified: Jul. 31, 2025
-
6.1
MEDIUMCVE-2024-20258
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Th... Read more
Affected Products : secure_email_and_web_manager asyncos secure_email_gateway secure_email_gateway_virtual_appliance_c100v secure_email_gateway_virtual_appliance_c300v secure_email_gateway_virtual_appliance_c600v secure_email_gateway_c190 secure_email_gateway_c195 secure_email_gateway_c390 secure_email_gateway_c395 +17 more products- Published: May. 15, 2024
- Modified: Jul. 31, 2025
-
6.5
MEDIUMCVE-2025-0143
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.... Read more
Affected Products : meeting_software_development_kit video_software_development_kit workplace_desktop- Published: Jan. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-54530
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions... Read more
Affected Products : teamcity- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Authorization
-
9.4
CRITICALCVE-2025-54531
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows... Read more
Affected Products : teamcity- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2024-12389
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files... Read more
Affected Products : gpt_academic- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2025-53023
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols... Read more
- Published: Jul. 15, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2024-12390
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exp... Read more
Affected Products : gpt_academic- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2024-12391
A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressi... Read more
Affected Products : gpt_academic- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2024-12392
A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerabi... Read more
Affected Products : gpt_academic- Published: Mar. 20, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
8.8
HIGHCVE-2025-54536
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint... Read more
Affected Products : teamcity- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expre... Read more
Affected Products : yarn- Published: Jul. 28, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2023-2593
A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the s... Read more
Affected Products : linux_kernel- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Memory Corruption