Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47544 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
|
|||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
|
|||||
| CVE-2022-47086 | 1 Gpac | 1 Gpac | 2025-04-10 | N/A | 5.5 MEDIUM |
|
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c
|
|||||
| CVE-2022-46457 | 1 Nasm | 1 Netwide Assembler | 2025-04-10 | N/A | 5.5 MEDIUM |
|
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
|
|||||
| CVE-2022-43540 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | N/A | 5.5 MEDIUM |
|
A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2023-40515 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 7.5 HIGH |
|
LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the joinAddUser method. The issue results from improper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
. Was ZDI-CAN- ...
|
|||||
| CVE-2024-47214 | 1 Snowplow | 1 Iglu Server | 2025-04-10 | N/A | 7.5 HIGH |
|
An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
|
|||||
| CVE-2022-46762 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 7.5 HIGH |
|
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2022-46761 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 7.5 HIGH |
|
The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons.
|
|||||
| CVE-2022-47976 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 7.5 HIGH |
|
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections.
|
|||||
| CVE-2022-47974 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 6.5 MEDIUM |
|
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
|
|||||
| CVE-2025-30401 | 1 Whatsapp | 1 Whatsapp | 2025-04-09 | N/A | 6.7 MEDIUM |
|
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.
|
|||||
| CVE-2024-24748 | 1 Discourse | 1 Discourse | 2025-04-09 | N/A | 5.3 MEDIUM |
|
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-28851 | 1 Snowflake | 1 Snowflake Hive Metastore Connector | 2025-04-09 | N/A | 4.0 MEDIUM |
|
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the sa ...
|
|||||
| CVE-2021-26355 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 5.5 MEDIUM |
|
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.
|
|||||
| CVE-2021-26328 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 4.4 MEDIUM |
|
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
|
|||||
| CVE-2022-3870 | 1 Gitlab | 1 Gitlab | 2025-04-09 | N/A | 5.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.
|
|||||
| CVE-2024-31393 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Dragging JavaScript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections. This vulnerability affects Firefox for iOS < 124.
|
|||||
| CVE-2024-31392 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 7.5 HIGH |
|
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status. This vulnerability affects Firefox for iOS < 124.
|
|||||
| CVE-2008-0903 | 1 Bea Systems | 2 Weblogic Express, Weblogic Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
|
|||||
| CVE-2007-4884 | 1 Media Player Classic | 1 Media Player Classic | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Media Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
|
|||||
| CVE-2008-4007 | 1 Oracle | 2 Jd Edwards Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-2570 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
|
|||||
| CVE-2008-5160 | 1 Myserver | 1 Myserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."
|
|||||
| CVE-2008-2582 | 1 Oracle | 2 Bea Product Suite, Weblogic Server Component | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
|
|||||
| CVE-2009-2368 | 1 Matteo Ricchetti | 1 Ss5 | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.
|
|||||
| CVE-2008-5495 | 1 Gungho | 1 Loadprgax Control | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors.
|
|||||
| CVE-2007-1489 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.
|
|||||
| CVE-2009-2543 | 1 Ibm | 4 Proventia Desktop Endpoint Security, Proventia Network Mail Security System, Proventia Network Mail Security System Virtual Appliance and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240.
|
|||||
| CVE-2009-1006 | 2 Oracle, Sun | 4 Jrockit, Jdk, Jre and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2009-1001 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors.
|
|||||
| CVE-2007-5946 | 1 Hp | 1 Hp-ux | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
|
|||||
| CVE-2008-2423 | 1 Interchange Development Group | 1 Interchange | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 allows remote attackers to cause a denial of service via crafted HTTP requests. NOTE: this might overlap CVE-2007-2635.
|
|||||
| CVE-2007-6691 | 1 Menalto | 1 Gallery | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
|
|||||
| CVE-2008-0331 | 1 Funkwerk | 2 System Software, X2300 | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.
|
|||||
| CVE-2008-6973 | 1 Ibm | 1 Websphere Commerce | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
|
|||||
| CVE-2007-6118 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2025-04-09 | 7.8 HIGH | N/A |
|
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
|
|||||
| CVE-2008-2548 | 1 Motorola | 1 Razr | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
|
|||||
| CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
|
|||||
| CVE-2009-2849 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.7 MEDIUM | N/A |
|
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.
|
|||||