Search

Search Results (364866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-54020 1 Fortinet 1 Fortimanager 2025-06-04 2.1 Low
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
CVE-2025-48485 1 Freescout 1 Freescout 2025-06-04 5.4 Medium
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. This issue has been patched in version 1.8.180.
CVE-2025-5371 1 Razormist 1 Health Center Patient Record Management System 2025-06-04 7.3 High
A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-26423 2 Microsoft, Redhat 7 .net, .net Core, Powershell Core and 4 more 2025-06-04 7.5 High
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-56655 1 Linux 1 Linux Kernel 2025-06-04 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding, while transaction mutex is held and the to-be-desroyed rule was not exposed to either dataplane or dumps, as it deactives+frees without the required synchronize_rcu() in-between. nft_rule_expr_deactivate() callbacks will change ->use counters of other chains/sets, see e.g. nft_lookup .deactivate callback, these must be serialized via transaction mutex. Also add a few lockdep asserts to make this more explicit. Calling synchronize_rcu() isn't ideal, but fixing this without is hard and way more intrusive. As-is, we can get: WARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x.. Workqueue: events nf_tables_trans_destroy_work RIP: 0010:nft_set_destroy+0x3fe/0x5c0 Call Trace: <TASK> nf_tables_trans_destroy_work+0x6b7/0xad0 process_one_work+0x64a/0xce0 worker_thread+0x613/0x10d0 In case the synchronize_rcu becomes an issue, we can explore alternatives. One way would be to allocate nft_trans_rule objects + one nft_trans_chain object, deactivate the rules + the chain and then defer the freeing to the nft destroy workqueue. We'd still need to keep the synchronize_rcu path as a fallback to handle -ENOMEM corner cases though.
CVE-2025-37782 2025-06-04 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37832 2025-06-04 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-2454 3 Fedoraproject, Postgresql, Redhat 9 Fedora, Postgresql, Enterprise Linux and 6 more 2025-06-04 7.2 High
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
CVE-2025-49210 2025-06-04 N/A
Not used
CVE-2025-49209 2025-06-04 N/A
Not used
CVE-2025-49208 2025-06-04 N/A
Not used
CVE-2025-49207 2025-06-04 N/A
Not used
CVE-2025-49206 2025-06-04 N/A
Not used
CVE-2025-49205 2025-06-04 N/A
Not used
CVE-2025-49204 2025-06-04 N/A
Not used
CVE-2025-49203 2025-06-04 N/A
Not used
CVE-2025-49202 2025-06-04 N/A
Not used
CVE-2024-27181 1 Apache 1 Linkis 2025-06-03 8.8 High
In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
CVE-2024-45034 1 Apache 1 Airflow 2025-06-03 8.8 High
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.
CVE-2024-45498 1 Apache 1 Airflow 2025-06-03 8.8 High
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.