Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12977 | 1 Fluentbit | 1 Fluent Bit | 2025-11-26 | 9.1 Critical |
| Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing. | ||||
| CVE-2025-60633 | 1 Free5gc | 1 Free5gc | 2025-11-26 | 6.5 Medium |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API. | ||||
| CVE-2025-4645 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-41729 | 2025-11-24 | 7.5 High | ||
| An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. | ||||
| CVE-2025-59278 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58729 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2025-11-22 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59277 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59259 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-11-22 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59257 | 1 Microsoft | 11 Windows, Windows 11, Windows 11 24h2 and 8 more | 2025-11-22 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-55701 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.8 High |
| Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | ||||
| CVE-2023-3917 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | ||||
| CVE-2023-3906 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 3.5 Low |
| An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | ||||
| CVE-2023-3904 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. | ||||
| CVE-2023-3900 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. | ||||
| CVE-2025-9524 | 1 Axis | 1 Axis Os | 2025-11-14 | 4.3 Medium |
| The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account. | ||||
| CVE-2025-6298 | 1 Axis | 1 Axis Os | 2025-11-12 | 6.7 Medium |
| ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2024-5696 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-11-06 | 8.6 High |
| By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||