Total
284430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26735 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-02-27 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family. | ||||
| CVE-2023-52235 | 1 Spacex Starlink Wi Fi Router Gen 2 | 1 Spacex Starlink Wi Fi Router Gen 2 | 2025-02-27 | 8.8 High |
| SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack. | ||||
| CVE-2023-28339 | 1 Opendoas Project | 1 Opendoas | 2025-02-27 | 8.8 High |
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later. | ||||
| CVE-2023-28154 | 2 Redhat, Webpack.js | 2 Enterprise Linux, Webpack | 2025-02-27 | 9.8 Critical |
| Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. | ||||
| CVE-2023-28144 | 1 Kdab | 1 Hotspot | 2025-02-27 | 7 High |
| KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. | ||||
| CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2025-02-27 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | ||||
| CVE-2023-27073 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-02-27 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | ||||
| CVE-2023-27070 | 1 Totaljs | 1 Openplatform | 2025-02-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. | ||||
| CVE-2023-26912 | 1 S-mall-ssm Project | 1 S-mall-ssm | 2025-02-27 | 4.8 Medium |
| Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. | ||||
| CVE-2023-25283 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-02-27 | 7.5 High |
| A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp. | ||||
| CVE-2022-48111 | 1 Siri-informatica | 1 Wi400 | 2025-02-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. | ||||
| CVE-2024-3221 | 2025-02-27 | 6.3 Medium | ||
| A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. This vulnerability affects unknown code of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259066 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0629 | 1 Docker | 1 Docker Desktop | 2025-02-27 | 7.1 High |
| Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0. | ||||
| CVE-2024-28782 | 2025-02-27 | 6.3 Medium | ||
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | ||||
| CVE-2024-3256 | 1 Chatikobo | 1 Internship Portal Management System | 2025-02-27 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259105 was assigned to this vulnerability. | ||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-02-27 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | ||||
| CVE-2024-31419 | 1 Redhat | 1 Container Native Virtualization | 2025-02-27 | 4.3 Medium |
| An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator. | ||||
| CVE-2023-0628 | 1 Docker | 1 Docker Desktop | 2025-02-27 | 6.1 Medium |
| Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | ||||
| CVE-2023-1355 | 1 Vim | 1 Vim | 2025-02-27 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | ||||
| CVE-2025-21786 | 2025-02-27 | 7.8 High | ||
| In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_unbound_pool(), which caused a use-after-free bug reported by Cheung Wall. To avoid the use-after-free bug, the pool’s reference must be held until the detachment is complete. Therefore, move the code that puts the pwq after detaching the rescuer from the pool. | ||||