Search Results (45842 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-29891 1 Apache 1 Camel 2025-04-02 4.8 Medium
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component. If you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers.  The headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. This CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components.
CVE-2025-25975 1 Jonschlinkert 1 Parse-git-config 2025-04-02 7.5 High
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
CVE-2024-25366 1 Mz-automation 1 Libiec61850 2025-04-02 6.2 Medium
Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
CVE-2024-25196 2 Opennav, Openrobotics 2 Nav2, Robot Operating System 2025-04-02 3.3 Low
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
CVE-2021-33631 2 Openatom, Redhat 5 Openeuler, Enterprise Linux, Logging and 2 more 2025-04-02 5.5 Medium
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
CVE-2023-24021 3 Debian, Redhat, Trustwave 3 Debian Linux, Jboss Core Services, Modsecurity 2025-04-02 7.5 High
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2023-24096 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2025-04-02 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24056 1 Pkgconf 1 Pkgconf 2025-04-02 5.5 Medium
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
CVE-2023-24039 1 Opengroup 1 Common Desktop Environment 2025-04-02 7.8 High
A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24038 2 Debian, Html-stripscripts Project 2 Debian Linux, Html-stripscripts 2025-04-02 7.5 High
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
CVE-2022-20213 1 Google 1 Android 2025-04-02 5.5 Medium
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508
CVE-2023-0435 1 Pyload 1 Pyload 2025-04-02 9.8 Critical
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
CVE-2023-20913 1 Google 1 Android 2025-04-02 7.8 High
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
CVE-2022-20215 1 Google 1 Android 2025-04-02 5.5 Medium
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206
CVE-2022-1892 1 Lenovo 140 100e 2nd Gen, 100e 2nd Gen Firmware, 100w Gen 3 and 137 more 2025-04-02 6.7 Medium
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2019-11287 5 Broadcom, Debian, Fedoraproject and 2 more 5 Rabbitmq Server, Debian Linux, Fedora and 2 more 2025-04-02 7.5 High
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVE-2023-0433 1 Vim 1 Vim 2025-04-02 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
CVE-2025-27788 1 Ruby-lang 1 Javascript Object Notation 2025-04-02 7.5 High
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
CVE-2025-1917 1 Google 2 Android, Chrome 2025-04-01 4.3 Medium
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-1921 1 Google 1 Chrome 2025-04-01 6.5 Medium
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)