Total
13312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38778 | 2 Decode-uri-component Project, Elastic | 2 Decode-uri-component, Kibana | 2025-03-25 | 6.5 Medium |
| A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | ||||
| CVE-2023-0751 | 1 Freebsd | 1 Freebsd | 2025-03-25 | 6.5 Medium |
| When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | ||||
| CVE-2022-34350 | 1 Ibm | 1 Api Connect | 2025-03-25 | 5.3 Medium |
| IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. | ||||
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2025-03-24 | 9.1 Critical |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-21428 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. | ||||
| CVE-2022-45088 | 1 Gruparge | 1 Smartpower Web | 2025-03-24 | 9.8 Critical |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2023-21446 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | ||||
| CVE-2023-21451 | 1 Samsung | 1 Android | 2025-03-24 | 6.7 Medium |
| A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. | ||||
| CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2025-03-24 | 3.3 Low |
| Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | ||||
| CVE-2023-21439 | 1 Samsung | 1 Android | 2025-03-24 | 8.5 High |
| Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2023-24569 | 1 Dell | 1 Alienware Command Center | 2025-03-24 | 7.8 High |
| Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. | ||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | 8.8 High |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | ||||
| CVE-2025-2689 | 1 Yiiframework | 1 Yii | 2025-03-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2690 | 1 Yiiframework | 1 Yii | 2025-03-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-7935 | 1 Huawei | 2 E5573cs-322, E5573cs-322 Firmware | 2025-03-24 | 5.3 Medium |
| There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. | ||||
| CVE-2023-20932 | 1 Google | 1 Android | 2025-03-21 | 3.3 Low |
| In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 | ||||
| CVE-2022-31808 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-03-20 | 7.8 High |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. | ||||
| CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2025-03-20 | 6.2 Medium |
| Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | ||||
| CVE-2023-22935 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-20 | 8.1 High |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | ||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2025-03-19 | 8.8 High |
| Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||