Total
10511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 7.3 HIGH |
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
CVE-2024-21507 | 1 Sidorares | 1 Mysql2 | 2025-06-17 | N/A | 6.5 MEDIUM |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
CVE-2023-50694 | 1 Dom96 | 1 Httpbeast | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | |||||
CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-06-13 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-4905 | 1 Washington | 1 Basestation | 2025-06-12 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | |||||
CVE-2025-0037 | | | 2025-06-12 | N/A | 6.6 MEDIUM |
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. | |||||
CVE-2025-3898 | | | 2025-06-12 | N/A | 6.5 MEDIUM |
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. | |||||
CVE-2025-3116 | | | 2025-06-12 | N/A | 6.5 MEDIUM |
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. | |||||
CVE-2025-4680 | | | 2025-06-12 | N/A | N/A |
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0. | |||||
CVE-2025-0051 | | | 2025-06-12 | N/A | N/A |
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. | |||||
CVE-2025-0052 | | | 2025-06-12 | N/A | N/A |
Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. | |||||
CVE-2024-1243 | | | 2025-06-12 | N/A | N/A |
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | |||||
CVE-2024-1244 | | | 2025-06-12 | N/A | N/A |
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | |||||
CVE-2023-39456 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2025-06-12 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | |||||
CVE-2025-47888 | 1 Jenkins | 1 Dingtalk | 2025-06-12 | N/A | 5.9 MEDIUM |
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. | |||||
CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | N/A | 9.8 CRITICAL |
pretix before 2024.1.1 mishandles file validation. | |||||
CVE-2019-13939 | 1 Siemens | 46 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 43 more | 2025-06-10 | 4.8 MEDIUM | 7.1 HIGH |
A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. | |||||
CVE-2021-25255 | 1 Yandex | 1 Yandex Browser | 2025-06-10 | N/A | 7.5 HIGH |
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. | |||||
CVE-2025-27131 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 6.1 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through improper input. |