Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4886 | 1 Kubernetes | 1 Ingress-nginx | 2025-02-13 | N/A | 8.8 HIGH |
|
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
|
|||||
| CVE-2022-47185 | 1 Apache | 1 Traffic Server | 2025-02-13 | N/A | 7.5 HIGH |
|
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
|
|||||
| CVE-2022-47184 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2025-02-13 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
|
|||||
| CVE-2024-2409 | 1 Stylemixthemes | 1 Masterstudy Lms | 2025-02-13 | N/A | 9.8 CRITICAL |
|
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.
|
|||||
| CVE-2023-28342 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-02-13 | N/A | 7.5 HIGH |
|
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
|
|||||
| CVE-2023-26817 | 1 Pgyer | 1 Codefever | 2025-02-12 | N/A | 8.8 HIGH |
|
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.
|
|||||
| CVE-2024-30269 | 1 Dataease | 1 Dataease | 2025-02-12 | N/A | 5.3 MEDIUM |
|
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
|
|||||
| CVE-2024-23315 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-12 | N/A | 7.5 HIGH |
|
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.
|
|||||
| CVE-2023-29465 | 1 Sagemath | 1 Flintqs | 2025-02-12 | N/A | 5.5 MEDIUM |
|
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).
|
|||||
| CVE-2023-27180 | 1 Gdidees | 1 Gdidees Cms | 2025-02-12 | N/A | 7.5 HIGH |
|
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.
|
|||||
| CVE-2022-32871 | 1 Apple | 1 Iphone Os | 2025-02-12 | N/A | 2.4 LOW |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information.
|
|||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
|
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.
|
|||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | N/A | 6.5 MEDIUM |
|
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
|
|||||
| CVE-2024-2339 | 1 Dalibo | 1 Anonymizer | 2025-02-12 | N/A | 8.0 HIGH |
|
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_ ...
|
|||||
| CVE-2023-27729 | 1 F5 | 1 Njs | 2025-02-12 | N/A | 7.5 HIGH |
|
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
|
|||||
| CVE-2023-20680 | 2 Google, Mediatek | 22 Android, Mt6779, Mt6781 and 19 more | 2025-02-12 | N/A | 6.7 MEDIUM |
|
In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.
|
|||||
| CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2025-02-12 | N/A | 4.9 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.
|
|||||
| CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-12 | N/A | 7.2 HIGH |
|
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9.
|
|||||
| CVE-2024-29035 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 4.1 MEDIUM |
|
Umbraco is an ASP.NET CMS. Logs of failing webhooks are available when the solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.
|
|||||
| CVE-2025-20907 | 1 Samsung | 1 Android | 2025-02-12 | N/A | 6.0 MEDIUM |
|
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
|
|||||
| CVE-2025-20892 | 1 Samsung | 1 Android | 2025-02-12 | N/A | 5.9 MEDIUM |
|
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to execute fastboot commands. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21253 | 1 Microsoft | 1 Edge | 2025-02-11 | N/A | 5.3 MEDIUM |
|
Microsoft Edge for iOS and Android Spoofing Vulnerability
|
|||||
| CVE-2025-21267 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 4.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-1426 | 1 Keetrax | 1 Wp Tiles | 2025-02-11 | N/A | 6.5 MEDIUM |
|
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post.
|
|||||
| CVE-2025-21283 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21404 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2023-51546 | 1 Webtoffee | 1 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels | 2025-02-11 | N/A | 7.2 HIGH |
|
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1.
|
|||||
| CVE-2024-11128 | 1 Bitdefender | 1 Virus Scanner | 2025-02-11 | N/A | 7.8 HIGH |
|
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for macOS may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18.
|
|||||
| CVE-2024-5813 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | N/A | 5.9 MEDIUM |
|
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
|
|||||
| CVE-2024-21697 | 1 Atlassian | 1 Sourcetree | 2025-02-11 | N/A | 8.8 HIGH |
|
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows cust ...
|
|||||
| CVE-2023-27192 | 1 Dualspace | 1 Super Security | 2025-02-11 | N/A | 9.8 CRITICAL |
|
An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters.
|
|||||
| CVE-2025-21408 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38761 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-11 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.99.
|
|||||
| CVE-2023-26986 | 1 Chinamobileltd | 1 Oa Mailbox Pc | 2025-02-11 | N/A | 7.8 HIGH |
|
An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox.
|
|||||
| CVE-2022-46703 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-11 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information.
|
|||||
| CVE-2024-1403 | 1 Progress | 1 Openedge | 2025-02-11 | N/A | 10.0 CRITICAL |
|
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.
|
|||||
| CVE-2023-26774 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2025-02-11 | N/A | 7.5 HIGH |
|
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.
|
|||||
| CVE-2023-25414 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 5.3 MEDIUM |
|
Aten PE8108 2.4.232 is vulnerable to denial of service (DoS).
|
|||||