Total
295462 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26458 | 2 Mit, Netapp | 12 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 9 more | 2025-05-23 | N/A | 5.3 MEDIUM |
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | |||||
| CVE-2024-53354 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter parameter to /api/audit/findmetawatcher; the (4) user parameter to /api/audit/findmetaalert; the (5) user parameter to /api/management/ds; the (6) user or (7) filter parameter to /api/audit/findmetarunalert; the (7) user parameter to /api/management/findtimeview; the (8) user, (9) filter or (10) target parameter to /api/management/getihmsettings; the (11) user or (12) filter parameter to /api/management/elementstype; the (14) login, (15) user, (16) is_local, (17) is_ldap, or (18) is_openid parameter to /api/user/addalias; the (19) role parameter to /api/user/addrole; the (20) user or (21) filter parameter to /api/management/addtimeview; the (22) TIMEAGO, (23) IDENTIFIER, (24) USER, (25) NAME, or (26) COST parameter to /api/management/addtagcosts; the (27) USER, or (28) VM_COST parameter to /api/management/updategenericcpucost; the (29) VM, (30) HOST, or (31) STORAGE parameter to /api/management/updatecostinfo; the (32) user, (33) filter, or (34) timeago parameter to /api/management/addfilter; the (35) user parameter to /api/report/getreporthistory. | |||||
| CVE-2023-51773 | 1 Bacnetstack | 1 Bacnet Stack | 2025-05-23 | N/A | 9.1 CRITICAL |
| BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c. | |||||
| CVE-2024-53355 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 8.8 HIGH |
| Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | |||||
| CVE-2024-53356 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 9.8 CRITICAL |
| Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | |||||
| CVE-2024-26461 | 2 Mit, Netapp | 12 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 9 more | 2025-05-23 | N/A | 7.5 HIGH |
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. | |||||
| CVE-2025-0804 | 1 Flowdee | 1 Clickwhale | 2025-05-23 | N/A | 6.4 MEDIUM |
| The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-48761 | 1 Celk | 1 Celk Saude | 2025-05-23 | N/A | 8.8 HIGH |
| Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. | |||||
| CVE-2024-51182 | 1 Celk | 1 Celk Saude | 2025-05-23 | N/A | 6.1 MEDIUM |
| HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. | |||||
| CVE-2024-54851 | 1 Sismics | 1 Teedy | 2025-05-23 | N/A | 8.8 HIGH |
| Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection. | |||||
| CVE-2025-34028 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-05-23 | N/A | 10.0 CRITICAL |
| The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. | |||||
| CVE-2022-35096 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | |||||
| CVE-2022-35095 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | |||||
| CVE-2022-35094 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | |||||
| CVE-2022-35093 | 1 Swftools | 1 Swftools | 2025-05-23 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | |||||
| CVE-2024-25844 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | N/A | 7.5 HIGH |
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | |||||
| CVE-2024-57665 | 1 Heyewei | 1 Jfinalcms | 2025-05-23 | N/A | 9.8 CRITICAL |
| JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering. | |||||
| CVE-2024-55415 | 1 Thecontrolgroup | 1 Voyager | 2025-05-23 | N/A | 5.7 MEDIUM |
| DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. | |||||
| CVE-2025-0792 | 1 Esafenet | 1 Cdg | 2025-05-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-25858 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2025-05-23 | N/A | 8.4 HIGH |
| In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands. | |||||