Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50976 | 2026-02-03 | N/A | 7.7 HIGH | ||
|
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
|
|||||
| CVE-2024-39515 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-23 | N/A | 7.5 HIGH |
|
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
In some cases, rpd fails to restart requiring a manual restart via the ' ...
Show More |
|||||
| CVE-2025-10929 | 1 Reverse Proxy Header Project | 1 Reverse Proxy Header | 2025-12-12 | N/A | 5.3 MEDIUM |
|
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
|
|||||
| CVE-2024-5953 | 2025-11-03 | N/A | 5.7 MEDIUM | ||
|
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
|
|||||
| CVE-2025-2885 | 1 Amazon | 1 Tough | 2025-10-14 | N/A | 4.5 MEDIUM |
|
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
|
|||||
| CVE-2023-32701 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-09-09 | N/A | 7.1 HIGH |
|
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
|
|||||
| CVE-2025-9999 | 2025-09-05 | N/A | N/A | ||
|
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
|
|||||
| CVE-2024-12093 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 6.8 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
|
|||||
| CVE-2025-46722 | 1 Vllm | 1 Vllm | 2025-06-24 | N/A | 4.2 MEDIUM |
|
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30 ...
Show More |
|||||
| CVE-2024-25951 | 1 Dell | 1 Idrac8 | 2025-01-31 | N/A | 8.0 HIGH |
|
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
|
|||||
| CVE-2024-31140 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 4.1 MEDIUM |
|
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
|
|||||
| CVE-2024-31136 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 7.4 HIGH |
|
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
|
|||||
| CVE-2024-27375 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-27371 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2023-6245 | 1 Dfinity | 1 Candid | 2024-11-21 | N/A | 7.5 HIGH |
|
The Candid library causes a Denial of Service while
parsing a specially crafted payload with 'empty' data type. For example,
if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.
Canisters using ...
Show More |
|||||
| CVE-2023-1620 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
|
|||||
| CVE-2023-1619 | 1 Wago | 152 750-331, 750-331 Firmware, 750-8202 and 149 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
|
|||||
| CVE-2022-39353 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-11-21 | N/A | 9.4 CRITICAL |
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldo ...
Show More |
|||||
| CVE-2021-41531 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
|
|||||
| CVE-2024-8305 | 1 Mongodb | 1 Mongodb | 2024-11-07 | N/A | 6.5 MEDIUM |
|
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
|
|||||