Total: 293224 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2025-4107 | | | 2025-05-08 | N/A | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-31946 | | | 2025-05-08 | 6.2 Medium | Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
CVE-2025-27720 | | | 2025-05-08 | 7.4 High | The Pixmeo OsiriX MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
CVE-2025-27578 | | | 2025-05-08 | 7.5 High | Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
CVE-2024-26559 | 1 Dagg | 1 Uverif | 2025-05-08 | 5.3 Medium | An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.
CVE-2022-36677 | 1 Lynchjames | 1 Obsidian Mind Map | 2025-05-08 | 6.1 Medium | Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.
CVE-2023-27151 | 1 Opencrx | 1 Opencrx | 2025-05-08 | 6.1 Medium | openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.
CVE-2023-51774 | 1 Json-jwt Project | 1 Json-jwt | 2025-05-08 | 8.4 High | The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
CVE-2023-51775 | 2 Jose4j Project, Redhat | 6 Jose4j, Apicurio Registry, Jboss Enterprise Application Platform and 3 more | 2025-05-08 | 6.5 Medium | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2024-25006 | 1 Xenforo | 1 Xenforo | 2025-05-08 | 8.1 High | XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.
CVE-2025-1331 | 1 Ibm | 1 Cics Tx | 2025-05-08 | 7.8 High | IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the unsafe use of the gets function.
CVE-2025-1330 | 1 Ibm | 1 Cics Tx | 2025-05-08 | 7.8 High | IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
CVE-2025-1329 | 1 Ibm | 1 Cics Tx | 2025-05-08 | 7.8 High | IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
CVE-2025-44021 | | | 2025-05-08 | 2.8 Low | OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.
CVE-2025-28074 | | | 2025-05-08 | N/A | phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
CVE-2023-31585 | | | 2025-05-08 | N/A | Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code Coverage, Jenkins | 2025-05-08 | 5.3 Medium | Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVE-2022-41415 | 1 Acer | 2 Altos W2000h-w570h F4, Altos W2000h-w570h F4 Firmware | 2025-05-08 | 9.8 Critical | Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.
CVE-2021-38217 | 1 Sem-cms | 1 Semcms | 2025-05-08 | 9.8 Critical | SEMCMS v1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
CVE-2024-2428 | 1 Prestoplayer | 1 Presto Player | 2025-05-08 | 4.7 Medium | The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have a proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks.