Vulnerabilities (CVE)

Filtered by CWE-284
Total 2868 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4031 1 Samsung 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more 2025-04-20 4.6 MEDIUM 6.8 MEDIUM
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.
CVE-2015-9245 1 Progress 1 Openedge 2025-04-20 7.5 HIGH 9.8 CRITICAL
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
CVE-2015-6023 1 Netcommwireless 2 Hspa 3g10wve, Hspa 3g10wve Firmware 2025-04-20 7.5 HIGH 7.3 HIGH
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.
CVE-2014-9961 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
CVE-2016-7054 1 Openssl 1 Openssl 2025-04-20 5.0 MEDIUM 7.5 HIGH
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
CVE-2016-8394 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.
CVE-2015-8284 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 6.5 MEDIUM 8.8 HIGH
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2025-21588 1 Oracle 1 Mysql Server 2025-04-19 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-31726 1 Jenkins 1 Stack Hammer 2025-04-18 N/A 5.5 MEDIUM
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2023-49543 1 Book Store Management System Project 1 Book Store Management System 2025-04-18 N/A 9.8 CRITICAL
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
CVE-2025-25948 2025-04-18 N/A 9.1 CRITICAL
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2025-04-18 N/A 4.9 MEDIUM
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2022-25627 1 Broadcom 1 Symantec Identity Governance And Administration 2025-04-18 N/A 6.7 MEDIUM
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4.
CVE-2024-56889 1 Codeastro 1 Complaint Management System 2025-04-18 N/A 7.5 HIGH
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
CVE-2025-21586 1 Oracle 1 Jd Edwards Enterpriseone Tools 2025-04-17 N/A 5.4 MEDIUM
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVE-2025-21573 1 Oracle 1 Financial Services Revenue Management And Billing 2025-04-17 N/A 6.0 MEDIUM
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L).
CVE-2024-53304 2025-04-17 N/A 6.5 MEDIUM
An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine.
CVE-2025-3113 2025-04-17 N/A N/A
A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connectors and Rule Sets.
CVE-2022-26423 1 Aethon 1 Tug Home Base Server 2025-04-17 N/A 8.2 HIGH
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
CVE-2022-1066 1 Aethon 1 Tug Home Base Server 2025-04-17 N/A 8.2 HIGH
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.