Total
58825 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21425 | 2025-04-08 | 7.3 High | ||
| Memory corruption may occur due top improper access control in HAB process. | ||||
| CVE-2025-21428 | 2025-04-08 | 7.5 High | ||
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. | ||||
| CVE-2025-21429 | 2025-04-08 | 7.5 High | ||
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. | ||||
| CVE-2025-21436 | 2025-04-08 | 7.8 High | ||
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | ||||
| CVE-2025-21437 | 2025-04-08 | 7.8 High | ||
| Memory corruption while processing memory map or unmap IOCTL operations simultaneously. | ||||
| CVE-2025-21438 | 2025-04-08 | 7.8 High | ||
| Memory corruption while IOCTL call is invoked from user-space to read board data. | ||||
| CVE-2025-21439 | 2025-04-08 | 7.8 High | ||
| Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. | ||||
| CVE-2025-21440 | 2025-04-08 | 7.8 High | ||
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | ||||
| CVE-2025-21441 | 2025-04-08 | 7.8 High | ||
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | ||||
| CVE-2025-21442 | 2025-04-08 | 7.8 High | ||
| Memory corruption while transmitting packet mapping information with invalid header payload size. | ||||
| CVE-2025-21443 | 2025-04-08 | 7.8 High | ||
| Memory corruption while processing message content in eAVB. | ||||
| CVE-2025-21447 | 2025-04-08 | 7.8 High | ||
| Memory corruption may occur while processing device IO control call for session control. | ||||
| CVE-2025-3401 | 2025-04-08 | 7.3 High | ||
| A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3400 | 2025-04-08 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3399 | 2025-04-08 | 7.3 High | ||
| A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2526 | 2025-04-08 | 8.8 High | ||
| The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2025-2525 | 2025-04-08 | 8.8 High | ||
| The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-32409 | 2025-04-07 | 8.1 High | ||
| Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency. | ||||
| CVE-2025-3384 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3383 | 2025-04-07 | 7.3 High | ||
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||