Total
291501 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-22228 | 1 Redhat | 1 Apache Camel Spring Boot | 2025-04-25 | 7.4 High |
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | ||||
CVE-2025-1181 | 2025-04-25 | 5 Medium | ||
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue. | ||||
CVE-2024-9287 | 2 Python, Redhat | 4 Cpython, Python, Enterprise Linux and 1 more | 2025-04-25 | 7.8 High |
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | ||||
CVE-2024-6096 | 1 Progress | 1 Telerik Reporting | 2025-04-25 | 8.8 High |
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | ||||
CVE-2024-3447 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2025-04-25 | 6 Medium |
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | ||||
CVE-2024-10846 | 2025-04-25 | 5.9 Medium | ||
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included | ||||
CVE-2018-5733 | 4 Canonical, Debian, Isc and 1 more | 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more | 2025-04-25 | 7.5 High |
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | ||||
CVE-2025-32984 | 2025-04-25 | 6.1 Medium | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | ||||
CVE-2025-32983 | 2025-04-25 | 7.5 High | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | ||||
CVE-2025-46333 | 2025-04-25 | N/A | ||
z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1. | ||||
CVE-2025-32986 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | ||||
CVE-2025-32985 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | ||||
CVE-2025-32982 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. | ||||
CVE-2025-32981 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | ||||
CVE-2025-32980 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Weak Sudo Configuration. | ||||
CVE-2025-32979 | 2025-04-25 | N/A | ||
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. | ||||
CVE-2025-28128 | 2025-04-25 | 7 High | ||
An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request. | ||||
CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 4.9 Medium |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | ||||
CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 4.9 Medium |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | ||||
CVE-2022-45331 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 7.5 High |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. |