Total: 288280 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-0529 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-03-28 | 4.7 Medium | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability. |
CVE-2023-0532 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-03-28 | 4.7 Medium | A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. |
CVE-2023-0549 | 1 Yetanotherforum | 1 Yaf.net | 2025-03-28 | 3.5 Low | A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. |
CVE-2024-13497 | 1 Tripetto | 1 Tripetto | 2025-03-28 | 7.2 High | The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. |
CVE-2020-8745 | 2 Intel, Siemens | 43 Converged Security And Manageability Engine, Trusted Execution Technology, Simatic Drive Controller and 40 more | 2025-03-28 | 6.8 Medium | Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
CVE-2016-9840 | 9 Apple, Boost, Canonical and 6 more | 23 Iphone Os, Mac Os X, Tvos and 20 more | 2025-03-28 | 8.8 High | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
CVE-2018-25032 | 12 Apple, Azul, Debian and 9 more | 46 Mac Os X, Macos, Zulu and 43 more | 2025-03-28 | 7.5 High | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CVE-2025-29927 | | | 2025-03-28 | 9.1 Critical | Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3. |
CVE-2025-26265 | | | 2025-03-28 | 6.5 Medium | A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response. |
CVE-2024-56171 | 1 Redhat | 9 Enterprise Linux, Openshift, Openshift Ai and 6 more | 2025-03-28 | 7.8 High | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. |
CVE-2024-54085 | | | 2025-03-28 | N/A | AMI's SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
CVE-2024-4317 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Eus | 2025-03-28 | 3.1 Low | Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. |
CVE-2024-43484 | 4 Apple, Linux, Microsoft and 1 more | 26 Macos, Linux Kernel, .net and 23 more | 2025-03-28 | 7.5 High | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
CVE-2024-20672 | 1 Microsoft | 1 .net | 2025-03-28 | 7.5 High | .NET Denial of Service Vulnerability |
CVE-2023-24830 | 1 Apache | 1 Iotdb | 2025-03-28 | 7.5 High | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. |
CVE-2023-24623 | 1 Paranoidhttp Project | 1 Paranoidhttp | 2025-03-28 | 7.5 High | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. |
CVE-2023-24622 | 1 Includesecurity | 1 Safeurl-python | 2025-03-28 | 5.3 Medium | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. |
CVE-2023-24531 | 1 Gotoolchain | 1 Cmd/go | 2025-03-28 | 9.8 Critical | Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out. |
CVE-2023-23151 | 1 Bloofox | 1 Bloofoxcms | 2025-03-28 | 6.5 Medium | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. |
CVE-2023-22324 | 1 Contec | 1 Conprosys Hmi System | 2025-03-28 | 6.5 Medium | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. |