Vulnerabilities (CVE)

Total 81591 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5399 1 Haxx 1 Curl 2025-07-30 N/A 7.5 HIGH
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
CVE-2024-9858 1 Google 1 Migrate To Containers 2025-07-30 N/A 7.8 HIGH
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
CVE-2023-0669 1 Fortra 1 Goanywhere Managed File Transfer 2025-07-30 N/A 7.2 HIGH
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
CVE-2023-35674 1 Google 1 Android 2025-07-30 N/A 7.8 HIGH
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20353 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense 2025-07-30 N/A 8.6 HIGH
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
CVE-2024-24919 1 Checkpoint 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more 2025-07-30 N/A 8.6 HIGH
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVE-2024-3273 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2025-07-30 7.5 HIGH 7.3 HIGH
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2024-34171 1 Fujielectric 1 Monitouch V-sft 2025-07-30 N/A 7.8 HIGH
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2024-20389 1 Cisco 2 Confd Basic, Crosswork Network Services Orchestrator 2025-07-30 N/A 7.8 HIGH
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
CVE-2025-8329 2025-07-30 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-45620 2025-07-30 N/A 8.1 HIGH
An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request
CVE-2024-45955 2025-07-30 N/A 7.3 HIGH
Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.
CVE-2021-25297 1 Nagios 1 Nagios Xi 2025-07-30 9.0 HIGH 8.8 HIGH
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVE-2021-30663 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-07-30 6.8 MEDIUM 8.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2025-8011 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-07-30 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-0847 4 Fedoraproject, Linux, Ovirt and 1 more 19 Fedora, Linux Kernel, Ovirt-engine and 16 more 2025-07-30 7.2 HIGH 7.8 HIGH
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVE-2022-24990 1 Terra-master 30 F2-210, F2-221, F2-223 and 27 more 2025-07-30 N/A 7.5 HIGH
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
CVE-2022-33891 1 Apache 1 Spark 2025-07-30 N/A 8.8 HIGH
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
CVE-2025-2243 1 Bitdefender 1 Gravityzone 2025-07-30 N/A 7.3 HIGH
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
CVE-2019-0880 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 10 more 2025-07-30 4.6 MEDIUM 7.8 HIGH
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.