Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4964 | 1 Winimage | 1 Winimage | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file.
|
|||||
| CVE-2008-3187 | 1 Opensuse | 1 Zypper | 2025-04-09 | 5.0 MEDIUM | N/A |
|
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
|
|||||
| CVE-2008-1532 | 1 Perlbal | 1 Perlbal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.
|
|||||
| CVE-2009-4488 | 1 Varnish.projects.linpro | 1 Varnish | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that yo ...
Show More |
|||||
| CVE-2009-2256 | 1 Netgear | 1 Dg632 | 2025-04-09 | 7.8 HIGH | N/A |
|
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
|
|||||
| CVE-2008-1647 | 1 Chilkat Software | 1 Chilkathttp Activex | 2025-04-09 | 9.3 HIGH | N/A |
|
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4618 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
|
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
|
|||||
| CVE-2008-5522 | 2 Avg, Microsoft | 2 Antivirus, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
|
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
|
|||||
| CVE-2008-3362 | 2 Giulio Ganci, Wordpress | 2 Wp Downloads Manager, Wp Downloads Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
|
|||||
| CVE-2006-6852 | 1 Tdiary | 1 Tdiary | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2021-26404 | 1 Amd | 46 Epyc 7003, Epyc 7003 Firmware, Epyc 7313 and 43 more | 2025-04-08 | N/A | 5.5 MEDIUM |
|
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
|
|||||
| CVE-2023-32015 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 9.8 CRITICAL |
|
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-29371 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 7.8 HIGH |
|
Windows GDI Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2025-04-08 | N/A | 7.2 HIGH |
|
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.
|
|||||
| CVE-2023-24937 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-08 | N/A | 6.5 MEDIUM |
|
Windows CryptoAPI Denial of Service Vulnerability
|
|||||
| CVE-2023-29359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 7.8 HIGH |
|
GDI Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-22963 | 1 Personnummer | 1 Personnummer | 2025-04-07 | N/A | 5.3 MEDIUM |
|
The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.
|
|||||
| CVE-2023-22898 | 1 Circl | 1 Pandora | 2025-04-07 | N/A | 6.5 MEDIUM |
|
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
|
|||||
| CVE-2023-20532 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
|
|||||
| CVE-2023-20530 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-07 | N/A | 7.5 HIGH |
|
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
|
|||||
| CVE-2023-20528 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 2.4 LOW |
|
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
|
|||||
| CVE-2023-20527 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2025-04-07 | N/A | 6.5 MEDIUM |
|
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
|
|||||
| CVE-2023-20525 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 6.5 MEDIUM |
|
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
|
|||||
| CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-07 | N/A | 7.5 HIGH |
|
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
|
|||||
| CVE-2025-3165 | 2025-04-07 | 4.3 MEDIUM | 5.3 MEDIUM | ||
|
A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally.
|
|||||
| CVE-2025-31488 | 2025-04-07 | N/A | N/A | ||
|
Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.
|
|||||
| CVE-2025-3068 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2025-3070 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 6.5 MEDIUM |
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-5276 | 1 Fortra | 1 Filecatalyst Workflow | 2025-04-04 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst ...
Show More |
|||||
| CVE-2024-20484 | 1 Cisco | 1 Enterprise Chat And Email | 2025-04-04 | N/A | 7.5 HIGH |
|
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successf ...
Show More |
|||||
| CVE-2022-45875 | 1 Apache | 1 Dolphinscheduler | 2025-04-03 | N/A | 9.8 CRITICAL |
|
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions.
This attack can be performed only by authenticated users which can login to DS.
|
|||||
| CVE-2019-5598 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.
|
|||||
| CVE-2003-1487 | 1 Phorum | 1 Phorum | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
|
|||||
| CVE-2002-2354 | 1 Netgear | 1 Fm114p | 2025-04-03 | 7.8 HIGH | N/A |
|
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
|
|||||
| CVE-2005-0116 | 1 Awstats | 1 Awstats | 2025-04-03 | 7.5 HIGH | N/A |
|
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
|
|||||
| CVE-2003-1485 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
|
|||||
| CVE-2004-1125 | 3 Easy Software Products, Kde, Xpdf | 3 Cups, Kde, Xpdf | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
|
|||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
|
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
|
|||||
| CVE-2006-0914 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.5 MEDIUM | N/A |
|
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
|
|||||
| CVE-2003-1443 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 4.4 MEDIUM | N/A |
|
Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
|
|||||