Total
6665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32471 | 2025-04-29 | N/A | 3.7 LOW | ||
| The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. | |||||
| CVE-2025-46674 | 2025-04-29 | N/A | 3.5 LOW | ||
| NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. | |||||
| CVE-2023-35814 | 2025-04-29 | N/A | 3.5 LOW | ||
| DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. | |||||
| CVE-2024-20528 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 3.8 LOW |
| A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root. | |||||
| CVE-2024-44575 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 3.7 LOW |
| RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. | |||||
| CVE-2024-40455 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | N/A | 2.7 LOW |
| An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. | |||||
| CVE-2024-31144 | 2025-04-26 | N/A | 3.8 LOW | ||
| For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc. | |||||
| CVE-2024-56430 | 2025-04-26 | N/A | 2.9 LOW | ||
| OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | |||||
| CVE-2020-23587 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 3.1 LOW |
| A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ". | |||||
| CVE-2024-22371 | 1 Apache | 1 Camel | 2025-04-25 | N/A | 2.9 LOW |
| Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | |||||
| CVE-2025-26268 | 1 Dragonflydb | 1 Dragonfly | 2025-04-25 | N/A | 3.3 LOW |
| DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. | |||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3822 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3691 | 1 Mirweiye | 1 Seven Bears Library Cms | 2025-04-24 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-23 | N/A | 2.7 LOW |
| A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA. | |||||
| CVE-2022-42767 | 2 Google, Unisoc | 14 Android, S8012, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42758 | 2 Google, Unisoc | 14 Android, S8016, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42757 | 2 Google, Unisoc | 14 Android, S8015, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2025-32415 | 1 Xmlsoft | 1 Libxml2 | 2025-04-23 | N/A | 2.9 LOW |
| In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | |||||
| CVE-2025-3787 | 1 Pbootcms | 1 Pbootcms | 2025-04-23 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||