Total
10371 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1088 | 2025-06-18 | N/A | 2.7 LOW | ||
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher. | |||||
CVE-2024-39780 | 2025-06-18 | N/A | 7.8 HIGH | ||
A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | |||||
CVE-2025-49081 | 1 Absolute | 1 Secure Access | 2025-06-17 | N/A | 4.9 MEDIUM |
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high. | |||||
CVE-2024-32371 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 7.5 HIGH |
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | |||||
CVE-2024-55567 | 2025-06-17 | N/A | 7.5 HIGH | ||
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 7.3 HIGH |
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
CVE-2024-21507 | 1 Sidorares | 1 Mysql2 | 2025-06-17 | N/A | 6.5 MEDIUM |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
CVE-2023-50694 | 1 Dom96 | 1 Httpbeast | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | |||||
CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
CVE-2023-45648 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2025-06-16 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | |||||
CVE-2025-47096 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 3.5 LOW |
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Low privileges are required. | |||||
CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-06-13 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-4905 | 1 Washington | 1 Basestation | 2025-06-12 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | |||||
CVE-2025-0037 | 2025-06-12 | N/A | 6.6 MEDIUM | ||
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. | |||||
CVE-2025-3898 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. | |||||
CVE-2025-3116 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. | |||||
CVE-2025-1041 | 2025-06-12 | N/A | 9.9 CRITICAL | ||
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. | |||||
CVE-2025-4680 | 2025-06-12 | N/A | N/A | ||
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0. | |||||
CVE-2025-0051 | 2025-06-12 | N/A | N/A | ||
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. | |||||
CVE-2025-47968 | 2025-06-12 | N/A | 7.8 HIGH | ||
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. |