Total
286436 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29315 | 2025-03-24 | N/A | ||
| An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request. | ||||
| CVE-2025-29314 | 2025-03-24 | N/A | ||
| Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack. | ||||
| CVE-2025-29313 | 2025-03-24 | N/A | ||
| Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2025-29312 | 2025-03-24 | N/A | ||
| An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct. | ||||
| CVE-2025-29311 | 2025-03-24 | N/A | ||
| Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets. | ||||
| CVE-2025-29310 | 2025-03-24 | N/A | ||
| An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information. | ||||
| CVE-2025-29135 | 2025-03-24 | N/A | ||
| A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | ||||
| CVE-2025-29100 | 2025-03-24 | N/A | ||
| Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | ||||
| CVE-2024-42398 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-03-24 | 5.3 Medium |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | ||||
| CVE-2024-38874 | 1 Typo3 | 1 Events2 | 2025-03-24 | 5.4 Medium |
| An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users. | ||||
| CVE-2024-27850 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-03-24 | 6.5 Medium |
| This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-27612 | 2025-03-24 | 6.2 Medium | ||
| Numbas editor before 7.3 mishandles editing of themes and extensions. | ||||
| CVE-2024-24996 | 1 Ivanti | 1 Avalanche | 2025-03-24 | N/A |
| A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. | ||||
| CVE-2023-40160 | 2025-03-24 | 3.7 Low | ||
| Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. | ||||
| CVE-2023-22792 | 2 Redhat, Rubyonrails | 2 Satellite, Rails | 2025-03-24 | 7.5 High |
| A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2025-03-24 | 6.1 Medium |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | ||||
| CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-48301 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | ||||
| CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-48294 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | ||||