Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-4331 | 1 Gitlab | 1 Gitlab | 2025-02-28 | N/A | 5.7 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible that a previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.
|
|||||
| CVE-2022-3767 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-02-28 | N/A | 7.7 HIGH |
|
Missing validation in DAST analyzer, affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
|
|||||
| CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | N/A | 7.5 HIGH |
|
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands.
|
|||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | N/A | 6.8 MEDIUM |
|
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
|
|||||
| CVE-2023-27115 | 1 Webassembly | 1 Webassembly | 2025-02-28 | N/A | 5.5 MEDIUM |
|
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
|
|||||
| CVE-2025-21350 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-28 | N/A | 5.9 MEDIUM |
|
Windows Kerberos Denial of Service Vulnerability
|
|||||
| CVE-2025-21212 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-02-28 | N/A | 6.5 MEDIUM |
|
Internet Connection Sharing (ICS) Denial of Service Vulnerability
|
|||||
| CVE-2025-21208 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-02-28 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21259 | 1 Microsoft | 1 Outlook | 2025-02-28 | N/A | 5.3 MEDIUM |
|
Microsoft Outlook Spoofing Vulnerability
|
|||||
| CVE-2025-21254 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-02-28 | N/A | 6.5 MEDIUM |
|
Internet Connection Sharing (ICS) Denial of Service Vulnerability
|
|||||
| CVE-2025-21216 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-02-28 | N/A | 6.5 MEDIUM |
|
Internet Connection Sharing (ICS) Denial of Service Vulnerability
|
|||||
| CVE-2025-21322 | 1 Microsoft | 1 Pc Manager | 2025-02-28 | N/A | 7.8 HIGH |
|
Microsoft PC Manager Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21184 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-28 | N/A | 7.0 HIGH |
|
Windows Core Messaging Elevation of Privileges Vulnerability
|
|||||
| CVE-2025-21349 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-28 | N/A | 6.8 MEDIUM |
|
Windows Remote Desktop Configuration Service Tampering Vulnerability
|
|||||
| CVE-2025-21337 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-28 | N/A | 3.3 LOW |
|
Windows NTFS Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21347 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-02-28 | N/A | 6.0 MEDIUM |
|
Windows Deployment Services Denial of Service Vulnerability
|
|||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-02-28 | N/A | 7.3 HIGH |
|
Visual Studio Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | N/A | 8.8 HIGH |
|
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.
|
|||||
| CVE-2023-0772 | 1 Optinmonster | 1 Optinmonster | 2025-02-27 | N/A | 6.5 MEDIUM |
|
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.
|
|||||
| CVE-2022-2258 | 1 Octopus | 1 Octopus Server | 2025-02-27 | N/A | 4.3 MEDIUM |
|
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items.
|
|||||
| CVE-2025-24435 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-02-27 | N/A | 4.3 MEDIUM |
|
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-0749 | 1 Oceanwp | 1 Ocean Extra | 2025-02-27 | N/A | 6.5 MEDIUM |
|
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.
|
|||||
| CVE-2025-27098 | 1 The-guild | 2 Graphql Mesh Cli, Graphql Mesh Http | 2025-02-27 | N/A | 5.8 MEDIUM |
|
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any client to access the files in the server's file system. When `staticFiles` is set in the `serve` settings in the configuration file, the following handler doesn't check if `absolutePath` is still under the ...
|
|||||
| CVE-2023-28339 | 1 Opendoas Project | 1 Opendoas | 2025-02-27 | N/A | 8.8 HIGH |
|
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.
|
|||||
| CVE-2023-28154 | 1 Webpack.js | 1 Webpack | 2025-02-27 | N/A | 9.8 CRITICAL |
|
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
|
|||||
| CVE-2023-25595 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | N/A | 5.5 MEDIUM |
|
A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.
|
|||||
| CVE-2022-4313 | 1 Tenable | 2 Nessus, Plugin Feed | 2025-02-27 | N/A | 8.8 HIGH |
|
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
|
|||||
| CVE-2022-48424 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 7.8 HIGH |
|
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.
|
|||||
| CVE-2023-25591 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | N/A | 7.6 HIGH |
|
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance.
|
|||||
| CVE-2023-25344 | 2 Swig-templates Project, Swig Project | 2 Swig-templates, Swig | 2025-02-27 | N/A | 9.8 CRITICAL |
|
An issue was discovered in swig-templates through 2.0.4 and swig through 1.4.2 that allows attackers to execute arbitrary code via a crafted Object.prototype anonymous function.
|
|||||
| CVE-2023-0100 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2025-02-27 | N/A | 8.8 HIGH |
|
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) o ...
|
|||||
| CVE-2021-47117 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
We got the following bug_on when running fsstress with IO fault injection:
[130747.323114] kernel BUG at fs/ext4/extents_status.c:762!
[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP
......
[130747.334329] Call trace:
[130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4]
[130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]
[130747.335368] ext4_find_extent+ ...
|
|||||
| CVE-2024-0798 | 1 Mintplexlabs | 1 Anythingllm | 2025-02-27 | N/A | 6.5 MEDIUM |
|
A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially ...
|
|||||
| CVE-2023-23150 | 1 Lancombg | 2 Sa-wr915nd, Sa-wr915nd Firmware | 2025-02-26 | N/A | 9.8 CRITICAL |
|
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.
|
|||||
| CVE-2024-4266 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2025-02-26 | N/A | 5.3 MEDIUM |
|
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
|
|||||
| CVE-2023-25069 | 2 Linux, Trendmicro | 2 Linux Kernel, Txone Stellarone | 2025-02-26 | N/A | 8.8 HIGH |
|
TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to.
Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2023-27087 | 1 Xuxueli | 1 Xxl-job | 2025-02-26 | N/A | 7.5 HIGH |
|
Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.
|
|||||
| CVE-2023-27842 | 1 Extplorer | 1 Extplorer | 2025-02-26 | N/A | 8.8 HIGH |
|
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component.
|
|||||
| CVE-2023-24795 | 1 Jcgcn.com | 2 Jhr-n916r, Jhr-n916r Firmware | 2025-02-26 | N/A | 9.8 CRITICAL |
|
A command execution vulnerability was discovered in JHR-N916R router firmware version <= 21.11.1.1483.
|
|||||