Total
78021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5854 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5852 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2023-5849 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-29 | N/A | 8.8 HIGH |
| Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-44007 | 1 Backclick | 1 Backclick | 2025-04-29 | N/A | 8.8 HIGH |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. | |||||
| CVE-2022-42732 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-29 | N/A | 7.5 HIGH |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. | |||||
| CVE-2022-42533 | 1 Google | 1 Android | 2025-04-29 | N/A | 7.8 HIGH |
| In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A | |||||
| CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2025-04-29 | N/A | 8.8 HIGH |
| Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | |||||
| CVE-2025-4039 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-53868 | 1 Apache | 1 Traffic Server | 2025-04-29 | N/A | 7.5 HIGH |
| Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. | |||||
| CVE-2025-2563 | 1 Wpeverest | 1 User Registration \& Membership | 2025-04-29 | N/A | 8.1 HIGH |
| The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges | |||||
| CVE-2025-3379 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0534 | 1 1000projects | 1 Campaign Management System Platform For Women | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0533 | 1 1000projects | 1 Campaign Management System Platform For Women | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0482 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-4349 | 1 Donbermoy | 1 Pisay Online E-learning System | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability. | |||||
| CVE-2025-3680 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LANG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3683 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component SIZE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3682 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3681 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MODE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-47004 | 1 Redislabs | 1 Redisgraph | 2025-04-29 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. | |||||