Total
303855 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-06-20 | N/A | 5.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | |||||
| CVE-2024-43176 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-06-20 | N/A | 5.4 MEDIUM |
| IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | |||||
| CVE-2024-33850 | 1 Pexip | 1 Pexip Infinity | 2025-06-20 | N/A | 4.3 MEDIUM |
| Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. | |||||
| CVE-2024-22058 | 1 Ivanti | 1 Endpoint Manager | 2025-06-20 | N/A | 7.8 HIGH |
| A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | |||||
| CVE-2023-46810 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2025-06-20 | N/A | 7.3 HIGH |
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. | |||||
| CVE-2023-38042 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-06-20 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | |||||
| CVE-2025-4778 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-06-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47916 | 1 Invisioncommunity | 1 Invisioncommunity | 2025-06-20 | N/A | 10.0 CRITICAL |
| Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings. | |||||
| CVE-2024-23337 | 1 Jqlang | 1 Jq | 2025-06-20 | N/A | 4.3 MEDIUM |
| jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. | |||||
| CVE-2025-5030 | 1 Ackites | 1 Killwxapkg | 2025-06-20 | 5.1 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48060 | 1 Jqlang | 1 Jq | 2025-06-20 | N/A | 7.5 HIGH |
| jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available. | |||||
| CVE-2024-36052 | 2 Microsoft, Rarlab | 2 Windows, Winrar | 2025-06-20 | N/A | 7.5 HIGH |
| RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. | |||||
| CVE-2024-33899 | 3 Linux, Opengroup, Rarlab | 3 Linux Kernel, Unix, Winrar | 2025-06-20 | N/A | 7.1 HIGH |
| RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. | |||||
| CVE-2025-48063 | 1 Xwiki | 1 Xwiki | 2025-06-20 | N/A | 8.8 HIGH |
| XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned about the dangerous content unless the attacker managed to bypass this check. Note also that none of the affected versions include a UI for enabling the enforcing of required rights so it seems unlikely that anybody relied on them for security in the affected versions. As this vulnerability provides no additional attack surface unless all documents in the wiki enforce required rights, we consider the impact of this attack to be low even though gaining programming right could have a high impact. This vulnerability has been patched in XWiki 16.10.4 and 17.1.0RC1. No known workarounds are available except for upgrading. | |||||
| CVE-2024-49196 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-20 | N/A | 7.5 HIGH |
| An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service. | |||||
| CVE-2024-46922 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-20 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver. | |||||
| CVE-2024-46923 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-20 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver. | |||||
| CVE-2025-25899 | 1 Tp-link | 2 Tl-wr841nd V11, Tl-wr841nd V11 Firmware | 2025-06-20 | N/A | 3.5 LOW |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-25900 | 1 Tp-link | 2 Tl-wr841nd V11, Tl-wr841nd V11 Firmware | 2025-06-20 | N/A | 4.9 MEDIUM |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2024-23174 | 1 Mediawiki | 1 Mediawiki | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | |||||