Total
29523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13251 | 1 Registration Role Project | 1 Registration Role | 2025-06-04 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1. | |||||
| CVE-2024-13249 | 1 Node Access Rebuild Progressive Project | 1 Node Access Rebuild Progressive | 2025-06-04 | N/A | 5.4 MEDIUM |
| Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | |||||
| CVE-2024-13248 | 1 Private Content Project | 1 Private Content | 2025-06-04 | N/A | 5.5 MEDIUM |
| Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0. | |||||
| CVE-2024-13246 | 1 Node Access Rebuild Progressive Project | 1 Node Access Rebuild Progressive | 2025-06-04 | N/A | 5.3 MEDIUM |
| Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | |||||
| CVE-2024-13259 | 1 Image Sizes Project | 1 Image Sizes | 2025-06-04 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | |||||
| CVE-2024-13256 | 1 Email Contact Project | 1 Email Contact | 2025-06-04 | N/A | 7.5 HIGH |
| Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | |||||
| CVE-2024-46751 | 1 Linux | 1 Linux Kernel | 2025-06-04 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. | |||||
| CVE-2024-45034 | 1 Apache | 1 Airflow | 2025-06-03 | N/A | 8.8 HIGH |
| Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. | |||||
| CVE-2024-45784 | 1 Apache | 1 Airflow | 2025-06-03 | N/A | 7.5 HIGH |
| Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. | |||||
| CVE-2025-35939 | 1 Craftcms | 1 Craft Cms | 2025-06-03 | N/A | 5.3 MEDIUM |
| Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue. | |||||
| CVE-2025-4750 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5175 | 1 Erdogant | 1 Pypickle | 2025-06-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5163 | 1 Yangshare | 1 Warehouse Management System | 2025-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in yangshare 技术杨工 warehouseManager 仓库管理系统 1.0. This affects an unknown part. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51071 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | N/A | 6.5 MEDIUM |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | |||||
| CVE-2023-51842 | 1 Meshcentral | 1 Meshcentral | 2025-06-02 | N/A | 7.5 HIGH |
| An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. | |||||
| CVE-2024-11942 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 5.9 MEDIUM |
| A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. | |||||
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 4.3 MEDIUM |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | |||||
| CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | |||||
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 4.3 MEDIUM |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | |||||
| CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 7.8 HIGH |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | |||||