Total
294986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5011 | 2025-05-21 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5010 | 2025-05-21 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0129 | 2025-05-21 | N/A | N/A | ||
| An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | |||||
| CVE-2024-6538 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clients due to network filtering. Leveraging such an attack vector, the attacker can have an impact on other services and potentially disclose information or have other nefarious effects on the system. The /api/dev-console/proxy/internet endpoint on the OpenShift Console allows authenticated users to have the console's pod perform arbitrary and fully controlled HTTP(s) requests. The full response to these requests is returned by the endpoint. While the name of this endpoint suggests the requests are only bound to the internet, no such checks are in place. An authenticated user can therefore ask the console to perform arbitrary HTTP requests from outside the cluster to a service inside the cluster. | |||||
| CVE-2024-12243 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition. | |||||
| CVE-2025-5008 | 2025-05-20 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5007 | 2025-05-20 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5006 | 2025-05-20 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5004 | 2025-05-20 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4436 | 2025-05-20 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2024-12133 | 2025-05-20 | N/A | 5.3 MEDIUM | ||
| A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. | |||||
| CVE-2025-5003 | 2025-05-20 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5002 | 2025-05-20 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5001 | 2025-05-20 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23122 | 2025-05-20 | N/A | N/A | ||
| Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165. | |||||
| CVE-2025-5000 | 2025-05-20 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4999 | 2025-05-20 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4998 | 2025-05-20 | 6.8 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-44898 | 2025-05-20 | N/A | N/A | ||
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function. | |||||
| CVE-2025-44897 | 2025-05-20 | N/A | N/A | ||
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function. | |||||