Vulnerabilities (CVE)

Filtered by CWE-20
Total 10573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-10635 1 Proofpoint 1 Enterprise Protection 2025-05-10 N/A 6.1 MEDIUM
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
CVE-2024-45577 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2025-05-09 N/A 7.8 HIGH
Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information.
CVE-2024-45579 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2025-05-09 N/A 7.8 HIGH
Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check.
CVE-2024-49844 1 Qualcomm 362 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 359 more 2025-05-09 N/A 7.8 HIGH
Memory corruption while triggering commands in the PlayReady Trusted application.
CVE-2024-49845 1 Qualcomm 292 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 289 more 2025-05-09 N/A 7.8 HIGH
Memory corruption during the FRS UDS generation process.
CVE-2025-21460 1 Qualcomm 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more 2025-05-09 N/A 7.8 HIGH
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.
CVE-2022-1414 1 Redhat 1 3scale Api Management 2025-05-09 N/A 8.8 HIGH
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.
CVE-2025-1087 2025-05-09 N/A N/A
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
CVE-2025-4377 2025-05-09 N/A N/A
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem.  Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165.
CVE-2025-4376 2025-05-09 N/A N/A
Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165.
CVE-2024-11636 1 Icegram 1 Email Subscribers \& Newsletters 2025-05-08 N/A 4.8 MEDIUM
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-27612 1 Numbas 1 Editor 2025-05-08 N/A 6.2 MEDIUM
Numbas editor before 7.3 mishandles editing of themes and extensions.
CVE-2025-20154 2025-05-08 N/A 8.6 HIGH
A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows:    Security Impact Rating (SIR): Low    CVSS Base Score: 3.7    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2025-20197 2025-05-08 N/A 6.7 MEDIUM
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.
CVE-2025-40846 2025-05-08 N/A N/A
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21
CVE-2022-33178 1 Broadcom 1 Fabric Operating System 2025-05-07 N/A 7.2 HIGH
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
CVE-2022-42468 1 Apache 1 Flume 2025-05-07 N/A 9.8 CRITICAL
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
CVE-2018-6335 1 Facebook 1 Hhvm 2025-05-06 5.0 MEDIUM 7.5 HIGH
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2025-2855 1 Eladmin 1 Eladmin 2025-05-06 5.8 MEDIUM 4.7 MEDIUM
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
CVE-2024-1714 1 Sailpoint 1 Identityiq 2025-05-06 N/A 7.1 HIGH
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.