Total
30288 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2025-07-25 | N/A | 8.8 HIGH |
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | |||||
CVE-2024-5491 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-25 | N/A | 7.5 HIGH |
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | |||||
CVE-2025-50068 | 1 Oracle | 1 Mysql Cluster | 2025-07-24 | N/A | 6.7 MEDIUM |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2010-0425 | 5 Apache, Broadcom, Ibm and 2 more | 6 Http Server, Vmware Ace Management Server, Http Server and 3 more | 2025-07-24 | 10.0 HIGH | N/A |
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | |||||
CVE-2024-22013 | 1 Google | 6 Nest Wifi Point, Nest Wifi Point Firmware, Nest Wifi Pro and 3 more | 2025-07-24 | N/A | 5.3 MEDIUM |
U-Boot environment is read from unauthenticated partition. | |||||
CVE-2024-47030 | 1 Google | 1 Android | 2025-07-24 | N/A | 5.1 MEDIUM |
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | |||||
CVE-2024-47031 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.4 HIGH |
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | |||||
CVE-2024-11407 | 1 Grpc | 1 Grpc | 2025-07-23 | N/A | 7.5 HIGH |
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 | |||||
CVE-2024-11498 | 1 Libjxl Project | 1 Libjxl | 2025-07-23 | N/A | 7.5 HIGH |
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0. | |||||
CVE-2024-38327 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 6.8 MEDIUM |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. | |||||
CVE-2023-20055 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | N/A | 8.0 HIGH |
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials. | |||||
CVE-2024-5899 | 1 Google | 3 Bazel For Android Studio, Bazel For Clion, Bazel For Intellij | 2025-07-23 | N/A | 3.3 LOW |
When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins. | |||||
CVE-2024-32923 | 1 Google | 1 Android | 2025-07-22 | N/A | 4.0 MEDIUM |
there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-32924 | 1 Google | 1 Android | 2025-07-22 | N/A | 7.5 HIGH |
In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-7246 | 1 Grpc | 1 Grpc | 2025-07-22 | N/A | 5.3 MEDIUM |
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4. | |||||
CVE-2024-6284 | 1 Google | 1 Nftables | 2025-07-22 | N/A | 7.3 HIGH |
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/nftables@v0.2.0 | |||||
CVE-2025-2121 | 1 Thinkware | 2 F800 Pro, F800 Pro Firmware | 2025-07-22 | 5.8 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2025-07-21 | N/A | 5.3 MEDIUM |
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. | |||||
CVE-2024-38435 | 1 Unitronics | 1 Visilogic | 2025-07-21 | N/A | 6.5 MEDIUM |
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | |||||
CVE-2025-50083 | 1 Oracle | 1 Mysql | 2025-07-18 | N/A | 6.5 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |