Total: 277647 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10229 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-01-03 | 9.8 Critical |
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. | ||||
CVE-2023-4147 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2025-01-03 | 7.8 High |
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | ||||
CVE-2024-21182 | 1 Oracle | 1 Weblogic Server | 2025-01-03 | 7.5 High |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2023-26802 | 1 Dcnglobal | 2 Dcbi-netlog-lab, Dcbi-netlog-lab Firmware | 2025-01-03 | 9.8 Critical |
An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. | ||||
CVE-2023-27076 | 1 Tenda | 2 G103, G103 Firmware | 2025-01-03 | 9.8 Critical |
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via the language parameter. | ||||
CVE-2023-33568 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-01-03 | 7.5 High |
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. | ||||
CVE-2023-33620 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2025-01-03 | 5.9 Medium |
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | ||||
CVE-2023-33621 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2025-01-03 | 5.9 Medium |
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay. | ||||
CVE-2023-33695 | 1 Hutool | 1 Hutool | 2025-01-03 | 7.1 High |
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | ||||
CVE-2023-33817 | 1 Digitaldruid | 1 Hoteldruid | 2025-01-03 | 8.8 High |
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | ||||
CVE-2023-34537 | 1 Digitaldruid | 1 Hoteldruid | 2025-01-03 | 5.4 Medium |
A reflected XSS was discovered in HotelDruid version 3.0.5; an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. | ||||
CVE-2023-34944 | 1 Chamilo | 1 Chamilo Lms | 2025-01-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. | ||||
CVE-2025-0175 | | | 2025-01-03 | 3.5 Low |
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-0174 | | | 2025-01-03 | 6.3 Medium |
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-34965 | 1 Sspanel-uim Project | 1 Sspanel-uim | 2025-01-03 | 5.3 Medium |
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. | ||||
CVE-2023-3218 | 1 It-novum | 1 Openitcockpit | 2025-01-03 | 4.4 Medium |
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. | ||||
CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2025-01-03 | 9.8 Critical |
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | ||||
CVE-2023-2827 | 1 Sap | 2 Digital Manufacturing, Plant Connectivity | 2025-01-03 | 7.9 High |
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing. | ||||
CVE-2023-32114 | 1 Sap | 1 Netweaver | 2025-01-03 | 2.7 Low |
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with intent to slow down or make the server unavailable, which may lead to a limited impact on Availability with no impact on Confidentiality and Integrity of the application. | ||||
CVE-2023-32115 | 1 Sap | 1 Master Data Synchronization | 2025-01-03 | 4.2 Medium |
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. |