Search

Search Results (364880 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5184 1 Zephyrproject 1 Zephyr 2025-06-18 7 High
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
CVE-2023-5263 1 Zzzcms 1 Zzzcms 2025-06-18 6.3 Medium
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.
CVE-2023-5277 1 Engineers Online Portal Project 1 Engineers Online Portal 2025-06-18 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability.
CVE-2023-43655 4 Debian, Docker, Fedoraproject and 1 more 4 Debian Linux, Composer, Fedora and 1 more 2025-06-18 6.4 Medium
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.
CVE-2023-5294 1 Shopex 1 Ecshop 2025-06-18 4.7 Medium
A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240925 was assigned to this vulnerability.
CVE-2025-28132 1 Nagios 1 Nagios Network Analyzer 2025-06-18 4.6 Medium
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.
CVE-2023-5324 1 Eero 1 Eeroos 2025-06-18 4.3 Medium
A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024.
CVE-2024-37917 1 Pexip 1 Pexip Infinity 2025-06-18 7.5 High
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
CVE-2025-30080 1 Pexip 1 Pexip Infinity 2025-06-18 7.5 High
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
CVE-2025-29720 1 Langgenius 1 Dify 2025-06-18 4.8 Medium
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
CVE-2025-3739 1 Drupal 8 Google Optimize Hide Page Project 1 Drupal 8 Google Optimize Hide Page 2025-06-18 5.9 Medium
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.
CVE-2025-32789 1 Espocrm 1 Espocrm 2025-06-18 3.1 Low
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the sorted list of users. Although unlikely, if an attacker knows the hash value of their password, they can change the password and repeat the sorting until the other user's password hash is fully revealed. This issue is patched in version 9.0.7.
CVE-2024-41200 1 Pandora 1 Kmplayer 2025-06-18 5.5 Medium
A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
CVE-2025-38046 2025-06-18 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-38026 2025-06-18 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-38808 3 Netapp, Redhat, Vmware 5 Active Iq Unified Manager, Oncommand Insight, Apache Camel Spring Boot and 2 more 2025-06-18 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.
CVE-2024-21140 3 Netapp, Oracle, Redhat 19 Active Iq Unified Manager, Bluexp, Bootstrap Os and 16 more 2025-06-18 4.8 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2022-1471 2 Redhat, Snakeyaml Project 14 Amq Clients, Amq Streams, Enterprise Linux and 11 more 2025-06-18 8.3 High
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CVE-2025-5790 1 Totolink 2 X15, X15 Firmware 2025-06-17 8.8 High
A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22313 1 Ibm 1 Storage Defender Resiliency Service 2025-06-17 6.2 Medium
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.