Total
10479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41565 | 1 Mezz | 1 Justenoughitems | 2025-03-19 | N/A | 4.3 MEDIUM |
| JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication. | |||||
| CVE-2025-26702 | 1 Zte | 1 Goldendb | 2025-03-19 | N/A | 4.9 MEDIUM |
| Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | |||||
| CVE-2024-47857 | 2025-03-18 | N/A | 9.8 CRITICAL | ||
| SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access. | |||||
| CVE-2023-24062 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-03-18 | N/A | 6.8 MEDIUM |
| Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | |||||
| CVE-2024-23320 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | |||||
| CVE-2023-24329 | 3 Fedoraproject, Netapp, Python | 6 Fedora, Active Iq Unified Manager, Management Services For Element Software and 3 more | 2025-03-18 | N/A | 7.5 HIGH |
| An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||||
| CVE-2021-22484 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.5 HIGH |
| Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). | |||||
| CVE-2024-29831 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | |||||
| CVE-2024-3172 | 1 Google | 1 Chrome | 2025-03-18 | N/A | 8.8 HIGH |
| Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-29461 | 2025-03-17 | N/A | 6.3 MEDIUM | ||
| An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | |||||
| CVE-2024-57960 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-17 | N/A | 7.7 HIGH |
| Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-2376 | 2025-03-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-7600 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | |||||
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-03-14 | N/A | 8.8 HIGH |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | |||||
| CVE-2022-29499 | 1 Mitel | 1 Mivoice Connect | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. | |||||
| CVE-2024-25743 | 2025-03-14 | N/A | 7.1 HIGH | ||
| In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. | |||||
| CVE-2019-16759 | 1 Vbulletin | 1 Vbulletin | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | |||||
| CVE-2024-25090 | 1 Apache | 1 Roller | 2025-03-14 | N/A | 5.4 MEDIUM |
| Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | |||||
| CVE-2024-45537 | 1 Apache | 1 Druid | 2025-03-14 | N/A | 6.5 MEDIUM |
| Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | |||||
| CVE-2020-8195 | 1 Citrix | 12 4000-wo, 4100-wo, 5000-wo and 9 more | 2025-03-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | |||||