Total
3035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4016 | 1 Cisco | 1 Ios | 2025-04-11 | 5.4 MEDIUM | N/A |
| The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | |||||
| CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | |||||
| CVE-2013-2175 | 4 Canonical, Debian, Haproxy and 1 more | 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | |||||
| CVE-2013-4213 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||||
| CVE-2012-5076 | 2 Oracle, Suse | 2 Jre, Linux Enterprise Desktop | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. | |||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | |||||
| CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | |||||
| CVE-2024-51954 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2025-04-10 | N/A | 8.5 HIGH |
| There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. | |||||
| CVE-2022-47634 | 1 Isode | 1 M-link | 2025-04-10 | N/A | 8.1 HIGH |
| M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. | |||||
| CVE-2024-8999 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 7.5 HIGH |
| lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26. | |||||
| CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.1 CRITICAL |
| Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | |||||
| CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | |||||
| CVE-2024-9098 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 6.1 MEDIUM |
| In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from inviting users with billing roles. As a result, admins can circumvent the intended access control, posing a risk to the organization's financial resources. | |||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 5.3 MEDIUM |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | |||||
| CVE-2025-2973 | 1 Code-projects | 1 College Management System | 2025-04-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-24486 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 9.1 CRITICAL |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. | |||||
| CVE-2024-24487 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 6.8 MEDIUM |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. | |||||
| CVE-2024-24485 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 7.5 HIGH |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. | |||||
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter | |||||