Total
296104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32906 | 2025-05-29 | N/A | 7.5 HIGH | ||
| A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. | |||||
| CVE-2025-32053 | 2025-05-29 | N/A | 6.5 MEDIUM | ||
| A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | |||||
| CVE-2025-32052 | 2025-05-29 | N/A | 6.5 MEDIUM | ||
| A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | |||||
| CVE-2025-32050 | 2025-05-29 | N/A | 5.9 MEDIUM | ||
| A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | |||||
| CVE-2025-47287 | 2025-05-29 | N/A | 7.5 HIGH | ||
| Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | |||||
| CVE-2025-0921 | 2025-05-29 | N/A | 6.5 MEDIUM | ||
| Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC. | |||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | |||||
| CVE-2023-51756 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-51753 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-50338 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-49904 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-49604 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-49139 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-49137 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-48726 | 2025-05-28 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | |||||
| CVE-2023-29857 | 1 Teslamate | 1 Teslamate | 2025-05-28 | N/A | 5.3 MEDIUM |
| An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. | |||||
| CVE-2022-23126 | 1 Teslamate | 1 Teslamate | 2025-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. | |||||
| CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.0 MEDIUM |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | |||||
| CVE-2024-37444 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1. | |||||
| CVE-2024-25595 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. | |||||