Total
10511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7517 | 1 Redhat | 1 Openshift | 2025-05-13 | N/A | 3.5 LOW |
| An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. | |||||
| CVE-2025-0734 | 1 Ruoyi | 1 Ruoyi | 2025-05-13 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24510 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation. | |||||
| CVE-2025-40556 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation. | |||||
| CVE-2025-29784 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.5 HIGH |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0. | |||||
| CVE-2024-25016 | 1 Ibm | 2 Mq, Mq Appliance | 2025-05-12 | N/A | 7.5 HIGH |
| IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279. | |||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2025-05-12 | N/A | 8.1 HIGH |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-46574 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 4.1 MEDIUM |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-4377 | 2025-05-12 | N/A | N/A | ||
| Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-4376 | 2025-05-12 | N/A | N/A | ||
| Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-1087 | 2025-05-12 | N/A | N/A | ||
| Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application. | |||||
| CVE-2023-22342 | 1 Intel | 1 Thunderbolt Dch Driver | 2025-05-12 | N/A | 7.7 HIGH |
| Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-10635 | 1 Proofpoint | 1 Enterprise Protection | 2025-05-10 | N/A | 6.1 MEDIUM |
| Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. | |||||
| CVE-2024-45577 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | |||||
| CVE-2024-45579 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | |||||
| CVE-2024-49845 | 1 Qualcomm | 292 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 289 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during the FRS UDS generation process. | |||||
| CVE-2025-21460 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | |||||
| CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2025-05-09 | N/A | 8.8 HIGH |
| 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | |||||
| CVE-2024-11636 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | N/A | 4.8 MEDIUM |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-27612 | 1 Numbas | 1 Editor | 2025-05-08 | N/A | 6.2 MEDIUM |
| Numbas editor before 7.3 mishandles editing of themes and extensions. | |||||