Total
421 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-52895 | 1 Ibm | 1 I | 2025-07-03 | N/A | 6.5 MEDIUM |
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database. | |||||
CVE-2025-53359 | | | 2025-07-03 | N/A | N/A |
ethereum provides common Ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended. | |||||
CVE-2023-28910 | | | 2025-06-30 | N/A | 8.0 HIGH |
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | |||||
CVE-2025-1718 | | | 2025-06-26 | N/A | 6.5 MEDIUM |
An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. | |||||
CVE-2024-54175 | 1 Ibm | 1 Mq | 2025-06-20 | N/A | 5.5 MEDIUM |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. | |||||
CVE-2025-0129 | | | 2025-06-13 | N/A | N/A |
An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying its Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | |||||
CVE-2024-4611 | 1 Apppresser | 1 Apppresser | 2025-06-05 | N/A | 8.1 HIGH |
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server. | |||||
CVE-2024-3729 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | N/A | 9.8 CRITICAL |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator user for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be used to inject arbitrary web scripts. This can only be exploited if the 'openssl' php extension is not loaded on the server. | |||||
CVE-2024-35421 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. | |||||
CVE-2024-35424 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. | |||||
CVE-2024-35427 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 5.5 MEDIUM |
vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c. | |||||
CVE-2023-45922 | 1 Mesa3d | 1 Mesa | 2025-06-05 | N/A | 4.3 MEDIUM |
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server. | |||||
CVE-2025-2704 | 1 Openvpn | 1 Openvpn | 2025-05-24 | N/A | 7.5 HIGH |
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. | |||||
CVE-2025-22848 | | | 2025-05-16 | N/A | 3.5 LOW |
Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2024-28036 | | | 2025-05-16 | N/A | 5.6 MEDIUM |
Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2025-0130 | | | 2025-05-16 | N/A | N/A |
A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. | |||||
CVE-2024-52316 | 1 Apache | 1 Tomcat | 2025-05-15 | N/A | 9.8 CRITICAL |
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | |||||
CVE-2022-41587 | 1 Huawei | 1 Emui | 2025-05-14 | N/A | 5.3 MEDIUM |
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | |||||
CVE-2024-12533 | | | 2025-05-13 | N/A | 3.3 LOW |
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67. | |||||
CVE-2024-4182 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | N/A | 4.3 MEDIUM |
Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status. |