Total
10474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22054 | 2025-03-27 | N/A | 7.5 HIGH | ||
| A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later. | |||||
| CVE-2024-0022 | 1 Google | 1 Android | 2025-03-27 | N/A | 5.5 MEDIUM |
| In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-1242 | 2025-03-27 | N/A | 7.8 HIGH | ||
| Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
| CVE-2025-24513 | 2025-03-27 | N/A | 4.8 MEDIUM | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. | |||||
| CVE-2025-1098 | 2025-03-27 | N/A | 8.8 HIGH | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2025-23204 | 2025-03-27 | N/A | 4.4 MEDIUM | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue. | |||||
| CVE-2025-1514 | 2025-03-27 | N/A | 7.3 HIGH | ||
| The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter. | |||||
| CVE-2025-24514 | 2025-03-27 | N/A | 8.8 HIGH | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2025-30213 | 2025-03-27 | N/A | N/A | ||
| Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required. | |||||
| CVE-2025-1097 | 2025-03-27 | N/A | 8.8 HIGH | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2025-30355 | 2025-03-27 | N/A | 7.1 HIGH | ||
| Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. | |||||
| CVE-2025-20227 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure. | |||||
| CVE-2025-1440 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data. | |||||
| CVE-2025-2855 | 2025-03-27 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely. | |||||
| CVE-2024-35296 | 1 Apache | 1 Traffic Server | 2025-03-27 | N/A | 8.2 HIGH |
| Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | |||||
| CVE-2024-31310 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.8 HIGH |
| In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-34473 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. | |||||
| CVE-2023-7060 | 1 Zephyrproject | 1 Zephyr | 2025-03-27 | N/A | 8.6 HIGH |
| Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | |||||
| CVE-2022-44644 | 1 Apache | 1 Linkis | 2025-03-27 | N/A | 6.5 MEDIUM |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1 | |||||
| CVE-2024-45236 | 1 Nicmx | 1 Fort-validator | 2025-03-26 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||