Total
10490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26404 | 1 Amd | 46 Epyc 7003, Epyc 7003 Firmware, Epyc 7313 and 43 more | 2025-04-08 | N/A | 5.5 MEDIUM |
| Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | |||||
| CVE-2025-3413 | 2025-04-08 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30151 | 2025-04-08 | N/A | 7.5 HIGH | ||
| Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | |||||
| CVE-2020-1350 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2025-04-08 | 10.0 HIGH | 10.0 CRITICAL |
| A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | |||||
| CVE-2023-32015 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 9.8 CRITICAL |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||
| CVE-2023-29371 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 7.8 HIGH |
| Windows GDI Elevation of Privilege Vulnerability | |||||
| CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2025-04-08 | N/A | 7.2 HIGH |
| Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | |||||
| CVE-2023-24937 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-08 | N/A | 6.5 MEDIUM |
| Windows CryptoAPI Denial of Service Vulnerability | |||||
| CVE-2023-29359 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 7.8 HIGH |
| GDI Elevation of Privilege Vulnerability | |||||
| CVE-2020-1040 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2025-04-07 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2023-22963 | 1 Personnummer | 1 Personnummer | 2025-04-07 | N/A | 5.3 MEDIUM |
| The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. | |||||
| CVE-2023-22898 | 1 Circl | 1 Pandora | 2025-04-07 | N/A | 6.5 MEDIUM |
| workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). | |||||
| CVE-2023-20532 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 5.3 MEDIUM |
| Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | |||||
| CVE-2023-20530 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-07 | N/A | 7.5 HIGH |
| Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | |||||
| CVE-2023-20528 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 2.4 LOW |
| Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | |||||
| CVE-2022-41861 | 1 Freeradius | 1 Freeradius | 2025-04-07 | N/A | 6.5 MEDIUM |
| A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. | |||||
| CVE-2023-20527 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2025-04-07 | N/A | 6.5 MEDIUM |
| Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | |||||
| CVE-2023-20525 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 6.5 MEDIUM |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | |||||
| CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-07 | N/A | 7.5 HIGH |
| Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | |||||
| CVE-2025-3165 | 2025-04-07 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally. | |||||