Total
29611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0530 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2025-02-13 | 5.5 Medium |
| A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2021-27906 | 4 Apache, Fedoraproject, Oracle and 1 more | 21 Pdfbox, Fedora, Banking Corporate Lending Process Management and 18 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | ||||
| CVE-2021-26559 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium |
| Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. | ||||
| CVE-2021-26118 | 3 Apache, Netapp, Redhat | 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker | 2025-02-13 | 7.5 High |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||
| CVE-2019-3811 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Sssd and 2 more | 2025-02-13 | 5.2 Medium |
| A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | ||||
| CVE-2019-14866 | 2 Gnu, Redhat | 4 Cpio, Enterprise Linux, Openshift Do and 1 more | 2025-02-13 | 7.3 High |
| In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | ||||
| CVE-2024-36788 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-02-13 | 5.9 Medium |
| Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. | ||||
| CVE-2025-20893 | 1 Samsung | 1 Android | 2025-02-12 | 5.1 Medium |
| Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. | ||||
| CVE-2024-13545 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2025-02-12 | 9.8 Critical |
| The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. | ||||
| CVE-2025-23018 | 1 Ietf | 1 Ipv6 | 2025-02-12 | 5.4 Medium |
| IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136. | ||||
| CVE-2025-23019 | 1 Ietf | 1 Ipv6 | 2025-02-12 | 5.4 Medium |
| IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | ||||
| CVE-2022-43635 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-02-12 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332. | ||||
| CVE-2023-30450 | 1 Redpanda | 1 Redpanda | 2025-02-12 | 4.3 Medium |
| rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | ||||
| CVE-2024-1701 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 5.3 Medium |
| A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-21486 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2025-02-12 | 4 Medium |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | ||||
| CVE-2023-21496 | 1 Samsung | 1 Android | 2025-02-12 | 6.1 Medium |
| Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | ||||
| CVE-2024-3460 | 1 Kioware | 1 Kioware | 2025-02-12 | 7.4 High |
| In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window. | ||||
| CVE-2025-20884 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||