CVE List - 2025 / August
Showing 501 - 600 of 3631 CVEs for August 2025 (Page 6 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-20990 | 2025-08-06 | Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. |
| CVE-2025-21010 | 2025-08-06 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. |
| CVE-2025-21011 | 2025-08-06 | Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors. |
| CVE-2025-21012 | 2025-08-06 | Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration. |
| CVE-2025-21013 | 2025-08-06 | Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time. |
| CVE-2025-21014 | 2025-08-06 | Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-21015 | 2025-08-06 | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. |
| CVE-2025-21016 | 2025-08-06 | Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. |
| CVE-2025-21017 | 2025-08-06 | Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-21018 | 2025-08-06 | Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. |
| CVE-2025-21019 | 2025-08-06 | Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability. |
| CVE-2025-21020 | 2025-08-06 | Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-21021 | 2025-08-06 | Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. |
| CVE-2025-21022 | 2025-08-06 | Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. |
| CVE-2025-21023 | 2025-08-06 | Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. |
| CVE-2025-21024 | 2025-08-06 | Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. |
| CVE-2025-7376 | 2025-08-06 | Information Tampering Vulnerability in multiple processes of GENESIS64, MC Works64, and GENESIS |
| CVE-2025-7727 | 2025-08-06 | Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks |
| CVE-2025-7954 | 2025-08-06 | Race Condition in Shopware Voucher Submission |
| CVE-2025-21452 | 2025-08-06 | Reachable Assertion in Modem |
| CVE-2025-21455 | 2025-08-06 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux |
| CVE-2025-21456 | 2025-08-06 | Use After Free in NPU |
| CVE-2025-21457 | 2025-08-06 | Buffer Over-read in Automotive OS Platform Android |
| CVE-2025-21458 | 2025-08-06 | Use After Free in NPU |
| CVE-2025-21461 | 2025-08-06 | Out-of-bounds Write in Camera_Linux |
| CVE-2025-21464 | 2025-08-06 | Out-of-bounds Read in Core |
| CVE-2025-21465 | 2025-08-06 | Out-of-bounds Read in Core |
| CVE-2025-21472 | 2025-08-06 | Leftover Debug Code in Secure Element |
| CVE-2025-21473 | 2025-08-06 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux |
| CVE-2025-21474 | 2025-08-06 | Use After Free in BTHOST |
| CVE-2025-21477 | 2025-08-06 | Improper Input Validation in Modem |
| CVE-2025-27062 | 2025-08-06 | Improper Access Control in Automotive Multimedia |
| CVE-2025-27065 | 2025-08-06 | Buffer Over-read in WLAN Firmware |
| CVE-2025-27066 | 2025-08-06 | Reachable Assertion in WLAN Firmware |
| CVE-2025-27067 | 2025-08-06 | Improper Validation of Array Index in DSP Service |
| CVE-2025-27068 | 2025-08-06 | Buffer Over-read in Camera |
| CVE-2025-27069 | 2025-08-06 | Untrusted Pointer Dereference in DSP Service |
| CVE-2025-27071 | 2025-08-06 | Buffer Copy Without Checking Size of Input in Powerline Communication Firmware |
| CVE-2025-27072 | 2025-08-06 | Buffer Copy Without Checking Size of Input in Automotive Vehicle Networks |
| CVE-2025-27073 | 2025-08-06 | Reachable Assertion in WLAN Firmware |
| CVE-2025-27075 | 2025-08-06 | Improper Validation of Array Index in Bluetooth HOST |
| CVE-2025-27076 | 2025-08-06 | Time-of-check Time-of-use (TOCTOU) Race Condition in Display |
| CVE-2025-47324 | 2025-08-06 | Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware |
| CVE-2025-7202 | 2025-08-06 | Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights |
| CVE-2025-8556 | 2025-08-06 | Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results |
| CVE-2025-8620 | 2025-08-06 | GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure |
| CVE-2025-7771 | 2025-08-06 | Code Execution / Escalation of Privileges in ThrottleStop |
| CVE-2025-22469 | 2025-08-06 | OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system... |
| CVE-2025-22470 | 2025-08-06 | CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the... |
| CVE-2025-6013 | 2025-08-06 | Vault LDAP MFA Enforcement Bypass When Using Username As Alias |
| CVE-2025-46386 | 2025-08-06 | CWE-639 Authorization Bypass Through User-Controlled Key |
| CVE-2025-46387 | 2025-08-06 | CWE-639 Authorization Bypass Through User-Controlled Key |
| CVE-2025-46388 | 2025-08-06 | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2025-46389 | 2025-08-06 | CWE-620: Unverified Password Change |
| CVE-2025-46390 | 2025-08-06 | CWE-204: Observable Response Discrepancy |
| CVE-2025-46391 | 2025-08-06 | CWE-284: Improper Access Control |
| CVE-2025-5197 | 2025-08-06 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2025-23310 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might... |
| CVE-2025-23311 | 2025-08-06 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote... |
| CVE-2025-23317 | 2025-08-06 | NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of... |
| CVE-2025-23318 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might... |
| CVE-2025-23319 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit... |
| CVE-2025-23320 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a... |
| CVE-2025-23321 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of... |
| CVE-2025-23322 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful... |
| CVE-2025-23323 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid... |
| CVE-2025-23324 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid... |
| CVE-2025-23325 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might... |
| CVE-2025-23326 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability... |
| CVE-2025-23327 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might... |
| CVE-2025-23331 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing... |
| CVE-2025-23333 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful... |
| CVE-2025-23334 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit... |
| CVE-2025-23335 | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a... |
| CVE-2025-3320 | 2025-08-06 | IBM Tivoli Monitoring code execution |
| CVE-2025-3354 | 2025-08-06 | IBM Tivoli Monitoring code execution |
| CVE-2025-8616 | 2025-08-06 | Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication |
| CVE-2025-36020 | 2025-08-06 | IBM Guardium Data Protection information disclosure |
| CVE-2025-2028 | 2025-08-06 | Lack of TLS validation |
| CVE-2024-52885 | 2025-08-06 | Path Traversal |
| CVE-2025-48393 | 2025-08-06 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed... |
| CVE-2025-48394 | 2025-08-06 | An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has... |
| CVE-2024-8244 | 2025-08-06 | Walk/WalkDir in path/filepath susceptible to symlink race |
| CVE-2025-53786 | 2025-08-06 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability |
| CVE-2025-20331 | 2025-08-06 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy |
| CVE-2025-20332 | 2025-08-06 | Cisco Identity Services Engine Authorization Bypass Vulnerability |
| CVE-2025-20215 | 2025-08-06 | Cisco Webex Meeting Client Join Certificate Validation Vulnerability |
| CVE-2025-8665 | 2025-08-06 | agno-agi agno Model Context Protocol mcp.py MultiMCPTools os command injection |
| CVE-2025-8419 | 2025-08-06 | Org.keycloak/keycloak-services: keycloak smtp inject vulnerability |
| CVE-2025-8667 | 2025-08-06 | SkyworkAI DeepResearchAgent tools.py from_mcp os command injection |
| CVE-2025-38747 | 2025-08-06 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation... |
| CVE-2025-38746 | 2025-08-06 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability,... |
| CVE-2025-7768 | 2025-08-06 | Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced |
| CVE-2025-47908 | 2025-08-06 | Denial of service via malicious preflight requests in github.com/rs/cors |
| CVE-2025-6632 | 2025-08-06 | PSD File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-7769 | 2025-08-06 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced |
| CVE-2025-6633 | 2025-08-06 | RBG File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-6634 | 2025-08-06 | TGA File Parsing Memory Corruption Vulnerability |
| CVE-2025-7770 | 2025-08-06 | Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced |
| CVE-2025-54785 | 2025-08-06 | SuiteCRM is Vulnerable to PHP Object Injection in Reports |