Total
6667 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32415 | 1 Xmlsoft | 1 Libxml2 | 2025-04-23 | N/A | 2.9 LOW |
| In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | |||||
| CVE-2025-3787 | 1 Pbootcms | 1 Pbootcms | 2025-04-23 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3788 | 1 Jsite | 1 Jsite | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-4216 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2025-04-23 | N/A | 2.7 LOW |
| The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. | |||||
| CVE-2025-26269 | 2025-04-23 | N/A | 3.3 LOW | ||
| DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. | |||||
| CVE-2022-42769 | 2 Google, Unisoc | 14 Android, S8014, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3253 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-45228 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2025-04-23 | N/A | 3.5 LOW |
| Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | |||||
| CVE-2025-23253 | 2025-04-23 | N/A | 2.5 LOW | ||
| NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2025-3850 | 2025-04-23 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3841 | 2025-04-23 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-2987 | 2025-04-23 | N/A | 3.8 LOW | ||
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2024-20045 | 2 Google, Mediatek | 34 Android, Mt6833, Mt6835 and 31 more | 2025-04-23 | N/A | 2.3 LOW |
| In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526. | |||||
| CVE-2024-20051 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | N/A | 2.3 LOW |
| In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758. | |||||
| CVE-2022-4123 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | N/A | 3.3 LOW |
| A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | |||||
| CVE-2024-20038 | 2 Google, Mediatek | 31 Android, Mt6739, Mt6761 and 28 more | 2025-04-22 | N/A | 3.4 LOW |
| In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932. | |||||
| CVE-2022-20240 | 1 Google | 1 Android | 2025-04-22 | N/A | 2.3 LOW |
| In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 | |||||
| CVE-2022-31699 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-04-22 | N/A | 3.3 LOW |
| VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | |||||
| CVE-2024-7068 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. | |||||