Total
10490 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45770 | 1 Adguard | 1 Adguard | 2025-03-31 | N/A | 7.8 HIGH |
Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | |||||
CVE-2024-23294 | 1 Apple | 1 Macos | 2025-03-29 | N/A | 7.8 HIGH |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution. | |||||
CVE-2024-20064 | 2 Google, Mediatek | 30 Android, Mt6580, Mt6761 and 27 more | 2025-03-29 | N/A | 7.8 HIGH |
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | |||||
CVE-2024-22054 | | | 2025-03-27 | N/A | 7.5 HIGH |
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later. | |||||
CVE-2024-0022 | 1 Google | 1 Android | 2025-03-27 | N/A | 5.5 MEDIUM |
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-1242 | | | 2025-03-27 | N/A | 7.8 HIGH |
Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
CVE-2025-24514 | | | 2025-03-27 | N/A | 8.8 HIGH |
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
CVE-2025-24513 | | | 2025-03-27 | N/A | 4.8 MEDIUM |
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. | |||||
CVE-2025-1514 | | | 2025-03-27 | N/A | 7.3 HIGH |
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter. | |||||
CVE-2025-1097 | | | 2025-03-27 | N/A | 8.8 HIGH |
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
CVE-2025-23204 | | | 2025-03-27 | N/A | 4.4 MEDIUM |
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue. | |||||
CVE-2025-1098 | | | 2025-03-27 | N/A | 8.8 HIGH |
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
CVE-2025-30355 | | | 2025-03-27 | N/A | 7.1 HIGH |
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. | |||||
CVE-2024-35296 | 1 Apache | 1 Traffic Server | 2025-03-27 | N/A | 8.2 HIGH |
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | |||||
CVE-2024-31310 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.8 HIGH |
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2024-34473 | | | 2025-03-27 | N/A | 5.3 MEDIUM |
An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. | |||||
CVE-2023-7060 | 1 Zephyrproject | 1 Zephyr | 2025-03-27 | N/A | 8.6 HIGH |
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | |||||
CVE-2022-44644 | 1 Apache | 1 Linkis | 2025-03-27 | N/A | 6.5 MEDIUM |
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, by adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1. | |||||
CVE-2024-45236 | 1 Nicmx | 1 Fort-validator | 2025-03-26 | N/A | 7.5 HIGH |
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
CVE-2025-2622 | 1 Aizuda | 1 Snail-job | 2025-03-26 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |