Total: 60 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-30415 | | | 2026-03-06 | N/A | 7.5 HIGH | Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. |
| CVE-2025-59785 | 1 2N | 1 Access Commander | 2026-03-05 | N/A | 7.2 HIGH | Improper validation of an API endpoint in 2N Access Commander version 3.4.2 and prior allows an attacker to bypass the password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges. |
| CVE-2025-13033 | | | 2026-03-04 | N/A | 7.5 HIGH | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and a ... |
| CVE-2025-13327 | | | 2026-02-27 | N/A | 6.3 MEDIUM | A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. |
| CVE-2020-16220 | 1 Philips | 2 Patient Information Center iX, PerformanceBridge Focal Point | 2026-02-23 | 3.3 LOW | 4.3 MEDIUM | In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. |
| CVE-2026-25513 | 1 FacturaScripts | 1 FacturaScripts | 2026-02-23 | N/A | 8.8 HIGH | FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy() method where user-supplied sorting parameters are directly concatenated into the SQL ORDER BY clause without validation or sanitization. This affects all API ... |
| CVE-2026-0663 | 1 M-Files | 1 M-Files Server | 2026-02-23 | N/A | 4.9 MEDIUM | Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint. |
| CVE-2025-20644 | 1 MediaTek | 41 MT2735, MT2737, MT6833 and 38 more | 2026-02-17 | N/A | 6.5 MEDIUM | In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747. |
| CVE-2026-21527 | 1 Microsoft | 1 Exchange Server | 2026-02-11 | N/A | 6.5 MEDIUM | User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-21917 | 1 Juniper | 18 Junos, SRX1500, SRX1600 and 15 more | 2026-01-23 | N/A | 7.5 HIGH | An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: 23.2 versions from 23.2R2-S2 before 23.2R2-S5; 23.4 versions from 23.4R2-S1 ... |
| CVE-2024-8160 | 1 Axis | 3 AXIS OS, AXIS OS 2022, AXIS OS 2024 | 2026-01-22 | N/A | 3.8 LOW | Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. |
| CVE-2024-29041 | 1 Openjsf | 1 Express | 2025-12-18 | N/A | 6.1 MEDIUM | Express.js is a minimalist web framework for Node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redir ... |
| CVE-2023-27043 | 3 Fedoraproject, NetApp, Python | 4 Fedora, Active IQ Unified Manager, ONTAP Select Deploy Administration Utility and 1 more | 2025-12-17 | N/A | 5.3 MEDIUM | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. |
| CVE-2025-67492 | 1 Weblate | 1 Weblate | 2025-12-17 | N/A | 5.3 MEDIUM | Weblate is a web-based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability. |
| CVE-2025-43878 | 1 F5 | 13 F5OS-A, F5OS-C, R10600 and 10 more | 2025-11-07 | N/A | 6.0 MEDIUM | When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing the system diagnostics tcpdump command utility on an F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-54995 | 1 Sangoma | 2 Asterisk, Certified Asterisk | 2025-11-03 | N/A | 6.5 MEDIUM | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. |
| CVE-2025-55085 | 1 Eclipse | 1 ThreadX NetX Duo | 2025-10-27 | N/A | 7.5 HIGH | In NetX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. |
| CVE-2025-41719 | | | 2025-10-22 | N/A | 8.8 HIGH | A low-privileged remote attacker can corrupt the webserver user storage on the device by setting a sequence of unsupported characters, which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. |
| CVE-2025-11573 | | | 2025-10-14 | N/A | 7.5 HIGH | An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates. |
| CVE-2025-10954 | 1 TextIt | 1 phonenumbers | 2025-10-03 | N/A | 5.3 MEDIUM | Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". |
| CVE-2025-36262 | 1 IBM | 1 Planning Analytics Local | 2025-10-03 | N/A | 4.9 MEDIUM | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. |
| CVE-2024-6284 | 1 Google | 1 nftables | 2025-09-26 | N/A | 7.3 HIGH | In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/[email protected] |
| CVE-2024-7954 | | | 2025-09-23 | N/A | 9.8 CRITICAL | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. |
| CVE-2025-25007 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 5.3 MEDIUM | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2024-39542 | 1 Juniper | 2 Junos, Junos OS Evolved | 2025-08-08 | N/A | 7.5 HIGH | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio ... |
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2025-07-10 | N/A | 3.7 LOW | Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid UR ... |
| CVE-2024-51982 | | | 2025-06-26 | N/A | 7.5 HIGH | An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non-number value, causing the target to crash. |
| CVE-2024-51983 | | | 2025-06-26 | N/A | 7.5 HIGH | An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. |
| CVE-2023-43850 | 1 ATEN | 2 PE6208, PE6208 Firmware | 2025-05-30 | N/A | 6.5 MEDIUM | Improper input validation in the user management function of the web interface in ATEN PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of the web interface via an HTTP POST request. |
| CVE-2023-44204 | 1 Juniper | 2 Junos, Junos OS Evolved | 2025-05-02 | N/A | 6.5 MEDIUM | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S4; ... |
| CVE-2025-24345 | | | 2025-05-02 | N/A | 6.3 MEDIUM | A vulnerability in the "Hosts" functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the "hosts" file in an unintended manner via a crafted HTTP request. |
| CVE-2025-24347 | | | 2025-05-02 | N/A | 6.5 MEDIUM | A vulnerability in the "Network Interfaces" functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request. |
| CVE-2025-24348 | | | 2025-05-02 | N/A | 5.4 MEDIUM | A vulnerability in the "Network Interfaces" functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request. |
| CVE-2025-24346 | | | 2025-05-02 | N/A | 7.5 HIGH | A vulnerability in the "Proxy" functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the "/etc/environment" file via a crafted HTTP request. |
| CVE-2025-22868 | 1 Go | 1 jws | 2025-05-01 | N/A | 7.5 HIGH | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. |
| CVE-2025-46419 | | | 2025-04-29 | N/A | 5.9 MEDIUM | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. |
| CVE-2024-52362 | 1 IBM | 2 App Connect Enterprise Certified Containers Operands, App Connect Operator | 2025-04-02 | N/A | 4.3 MEDIUM | IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. |
| CVE-2025-24812 | | | 2025-02-11 | N/A | 6.5 MEDIUM | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0) (All versions < V4.7), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0) (All v ... |
| CVE-2024-21598 | 1 Juniper | 2 Junos, Junos OS Evolved | 2025-02-06 | N/A | 7.5 HIGH | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: 20.4 versions 20.4R1 and later ve ... |
| CVE-2024-3384 | 1 Palo Alto Networks | 1 PAN-OS | 2025-01-24 | N/A | 7.5 HIGH | A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. |