Total
295468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47688 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-05-23 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1. | |||||
| CVE-2025-4462 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4461 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-23 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4460 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-23 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47612 | 1 Flowdee | 1 Clickwhale | 2025-05-23 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6. | |||||
| CVE-2024-51547 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-05-23 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2025-4008 | 2025-05-23 | N/A | N/A | ||
| The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. | |||||
| CVE-2025-4949 | 2025-05-23 | N/A | N/A | ||
| In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues. | |||||
| CVE-2025-4478 | 2025-05-23 | N/A | 7.1 HIGH | ||
| A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system. | |||||
| CVE-2023-48795 | 42 9bis, Apache, Apple and 39 more | 68 Kitty, Sshd, Sshj and 65 more | 2025-05-23 | N/A | 5.9 MEDIUM |
| The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. | |||||
| CVE-2015-7848 | 2 Netapp, Ntp | 6 Clustered Data Ontap, Data Ontap Operating In 7-mode, Oncommand Balance and 3 more | 2025-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. | |||||
| CVE-2024-36761 | 1 Gfx-rs | 2 Naga, Wgpu | 2025-05-23 | N/A | 9.8 CRITICAL |
| naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. | |||||
| CVE-2025-4632 | 2025-05-23 | N/A | 9.8 CRITICAL | ||
| Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. | |||||
| CVE-2025-4642 | 2025-05-22 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-4562 | 2025-05-22 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-3730 | 2025-05-22 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects. | |||||
| CVE-2022-40864 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-22 | N/A | 9.8 CRITICAL |
| Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet | |||||
| CVE-2022-40862 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-22 | N/A | 9.8 CRITICAL |
| Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting | |||||
| CVE-2022-40860 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2025-05-22 | N/A | 9.8 CRITICAL |
| Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList | |||||
| CVE-2022-40853 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2025-05-22 | N/A | 9.8 CRITICAL |
| Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set | |||||