Total
289036 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2259 | 2025-04-07 | N/A | ||
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 | ||||
| CVE-2025-20656 | 2025-04-07 | 6.8 Medium | ||
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033. | ||||
| CVE-2025-31492 | 2025-04-07 | 7.5 High | ||
| mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11. | ||||
| CVE-2025-32270 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1. | ||||
| CVE-2025-32274 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Cross Site Request Forgery. This issue affects WP w3all phpBB: from n/a through 2.9.2. | ||||
| CVE-2025-32276 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z allows Cross Site Request Forgery. This issue affects Administrator Z: from n/a through 2025.03.04. | ||||
| CVE-2025-32277 | 2025-04-07 | 4.3 Medium | ||
| Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211. | ||||
| CVE-2025-32278 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual allows Cross Site Request Forgery. This issue affects Table Block by RioVizual: from n/a through 2.1.7. | ||||
| CVE-2025-3359 | 1 Redhat | 1 Enterprise Linux | 2025-04-07 | 6.2 Medium |
| A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | ||||
| CVE-2025-32272 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44. | ||||
| CVE-2025-32280 | 2025-04-07 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager allows Cross Site Request Forgery. This issue affects WP Project Manager: from n/a through 2.6.22. | ||||
| CVE-2024-58107 | 2025-04-07 | 7.5 High | ||
| Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58132 | 2025-04-07 | 4 Medium | ||
| In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic. | ||||
| CVE-2025-31170 | 2025-04-07 | 8.4 High | ||
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2025-31172 | 2025-04-07 | 7.8 High | ||
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-58111 | 2025-04-07 | 7.5 High | ||
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58113 | 2025-04-07 | 5.3 Medium | ||
| Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-20102 | 2025-04-07 | 3.3 Low | ||
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2025-21448 | 2025-04-07 | 7.5 High | ||
| Transient DOS may occur while parsing SSID in action frames. | ||||
| CVE-2024-56370 | 2025-04-07 | N/A | ||
| Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. | ||||