CVE ID : CVE-2025-45146
Published : Aug. 11, 2025, 4:15 p.m. | 8 hours, 7 minutes ago
Description : ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54063
Published : Aug. 11, 2025, 6:15 p.m. | 6 hours, 7 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app’s custom URL handler is triggered, leading to remote code execution on the victim’s machine. This issue has been patched in version 1.5.1.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7679
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7677
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8285
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 4 hours, 53 minutes ago
Description : Mattermost Confluence Plugin version
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-32640
Published : Aug. 11, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54878
Published : Aug. 11, 2025, 9:15 p.m. | 3 hours, 7 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40920
Published : Aug. 11, 2025, 9:15 p.m. | 3 hours, 7 minutes ago
Description : Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-25235
Published : Aug. 11, 2025, 10:15 p.m. | 1 hour, 53 minutes ago
Description : Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-55150
Published : Aug. 11, 2025, 10:15 p.m. | 1 hour, 53 minutes ago
Description : Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-55012
Published : Aug. 11, 2025, 10:15 p.m. | 1 hour, 53 minutes ago
Description : Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim’s machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent’s file system access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…