Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3949 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
|
|||||
| CVE-2013-1384 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 10.0 HIGH | N/A |
|
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386.
|
|||||
| CVE-2012-0533 | 1 Oracle | 1 Peoplesoft Products | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Receivables.
|
|||||
| CVE-2011-0833 | 1 Oracle | 1 Siebel Crm | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.
|
|||||
| CVE-2013-3760 | 1 Oracle | 1 Database Server | 2025-04-11 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771.
|
|||||
| CVE-2012-5674 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2013-5867 | 1 Oracle | 1 Siebel Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via vectors related to SISNAPI & Network Infrastructure.
|
|||||
| CVE-2013-0765 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2013-1534 | 1 Oracle | 1 Database Server | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2010-2308 | 1 Sophos | 1 Anti-virus | 2025-04-11 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.
|
|||||
| CVE-2012-3271 | 1 Hp | 2 Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2010-1943 | 1 Nec | 1 Capsuite Patchmeister | 2025-04-11 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.
|
|||||
| CVE-2013-2461 | 2 Oracle, Sun | 5 Jdk, Jre, Jrockit and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another ve ...
|
|||||
| CVE-2012-0557 | 1 Oracle | 1 Fusion Middleware | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0555, and CVE-2012-0556.
|
|||||
| CVE-2013-0413 | 1 Sun | 1 Sunos | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
|
|||||
| CVE-2010-1348 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
|
|||||
| CVE-2011-2957 | 1 Rockwellautomation | 1 Factorytalk Diagnostics Viewer | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
|
|||||
| CVE-2012-3330 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
|
|||||
| CVE-2022-24894 | 1 Sensiolabs | 1 Symfony | 2025-04-10 | N/A | 5.9 MEDIUM |
|
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the ...
|
|||||
| CVE-2023-39520 | 1 Cryptomator | 1 Cryptomator | 2025-04-10 | N/A | 5.5 MEDIUM |
|
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning a SYSTEM PowerShell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell ...
|
|||||
| CVE-2023-37266 | 1 Icewhale | 1 Casaos | 2025-04-10 | N/A | 9.8 CRITICAL |
|
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly ...
|
|||||
| CVE-2022-31766 | 1 Siemens | 32 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M804pb and 29 more | 2025-04-10 | N/A | 8.6 HIGH |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router ...
|
|||||
| CVE-2024-33552 | 1 8theme | 1 Xstore Core | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8.
|
|||||
| CVE-2024-3789 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | N/A | 6.5 MEDIUM |
|
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed.
|
|||||
| CVE-2024-1436 | 1 Wiloke | 1 Myshopkit | 2025-04-10 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit. This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9.
|
|||||
| CVE-2023-45593 | 1 Ailux | 1 Imx6 | 2025-04-10 | N/A | 6.8 MEDIUM |
|
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
|
|||||
| CVE-2022-47634 | 1 Isode | 1 M-link | 2025-04-10 | N/A | 8.1 HIGH |
|
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
|
|||||
| CVE-2022-45213 | 1 Perfsonar | 1 Perfsonar | 2025-04-10 | N/A | 5.3 MEDIUM |
|
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
|
|||||
| CVE-2023-41665 | 1 Givewp | 1 Givewp | 2025-04-10 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation. This issue affects GiveWP: from n/a through 2.33.0.
|
|||||
| CVE-2024-21028 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-04-10 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Ove ...
|
|||||
| CVE-2024-25644 | 1 Sap | 1 Netweaver | 2025-04-10 | N/A | 5.3 MEDIUM |
|
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
|
|||||
| CVE-2025-25281 | 1 Outbackpower | 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware | 2025-04-10 | N/A | 7.5 HIGH |
|
An attacker may modify the URL to discover sensitive information about the target network.
|
|||||
| CVE-2024-21149 | 1 Oracle | 1 Enterprise Asset Management | 2025-04-10 | N/A | 8.1 HIGH |
|
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management ...
|
|||||
| CVE-2023-33140 | 1 Microsoft | 1 Onenote | 2025-04-10 | N/A | 6.5 MEDIUM |
|
Microsoft OneNote Spoofing Vulnerability
|
|||||
| CVE-2024-36389 | 2 Canonical, Milesight | 2 Ubuntu Linux, Devicehub | 2025-04-10 | N/A | 9.8 CRITICAL |
|
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
|
|||||
| CVE-2024-21048 | 1 Oracle | 1 Web Applications Desktop Integrator | 2025-04-10 | N/A | 4.3 MEDIUM |
|
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Ba ...
|
|||||
| CVE-2024-21141 | 1 Oracle | 1 Vm Virtualbox | 2025-04-10 | N/A | 8.2 HIGH |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in ...
|
|||||
| CVE-2022-43528 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | N/A | 4.8 MEDIUM |
|
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator ...
|
|||||
| CVE-2022-43539 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 5.7 MEDIUM |
|
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a privileged user on the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below ...
|
|||||
| CVE-2025-30361 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 9.8 CRITICAL |
|
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.
|
|||||