Total
300504 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | N/A | 5.5 MEDIUM |
An issue in eProsima FastDDS v.2.14.0 and before allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in the DurabilityService QoS component. | |||||
CVE-2023-32295 | 1 Easyappointments | 1 Easy!appointments | 2025-06-17 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3. | |||||
CVE-2023-29483 | 4 Dnspython, Eventlet, Fedoraproject and 1 more | 5 Dnspython, Eventlet, Fedora and 2 more | 2025-06-17 | N/A | 7.0 HIGH |
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. | |||||
CVE-2024-25376 | 1 Thesycon | 1 Tusbaudio | 2025-06-17 | N/A | 7.8 HIGH |
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | |||||
CVE-2024-25852 | 1 Linksys | 2 Re7000, Re7000 Firmware | 2025-06-17 | N/A | 8.8 HIGH |
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | |||||
CVE-2025-6069 | | | 2025-06-17 | N/A | 4.3 MEDIUM |
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service. | |||||
CVE-2025-49875 | | | 2025-06-17 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1. | |||||
CVE-2025-34508 | | | 2025-06-17 | N/A | 6.3 MEDIUM |
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service. | |||||
CVE-2025-6196 | | | 2025-06-17 | N/A | 5.5 MEDIUM |
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. | |||||
CVE-2025-49795 | | | 2025-06-17 | N/A | 7.5 HIGH |
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | |||||
CVE-2025-49857 | | | 2025-06-17 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2. | |||||
CVE-2025-49865 | | | 2025-06-17 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1. | |||||
CVE-2025-6199 | | | 2025-06-17 | N/A | 3.3 LOW |
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. | |||||
CVE-2025-49842 | | | 2025-06-17 | N/A | N/A |
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24. | |||||
CVE-2025-49260 | | | 2025-06-17 | N/A | 8.1 HIGH |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora allows PHP Local File Inclusion. This issue affects Aora: from n/a through 1.3.9. | |||||
CVE-2025-47573 | | | 2025-06-17 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0. | |||||
CVE-2025-49157 | | | 2025-06-17 | N/A | 7.8 HIGH |
A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2025-49154 | | | 2025-06-17 | N/A | 8.7 HIGH |
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2025-49134 | | | 2025-06-17 | N/A | N/A |
Weblate is a web-based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays or spam filters. This issue has been patched in version 5.12. | |||||
CVE-2025-49848 | | | 2025-06-17 | N/A | N/A |
An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. |