Total
13312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41565 | 1 Mezz | 1 Justenoughitems | 2025-03-19 | 4.3 Medium |
| JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication. | ||||
| CVE-2025-26702 | 1 Zte | 1 Goldendb | 2025-03-19 | 4.9 Medium |
| Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | ||||
| CVE-2023-24062 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-03-18 | 6.8 Medium |
| Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | ||||
| CVE-2024-23320 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 8.8 High |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | ||||
| CVE-2021-22484 | 1 Huawei | 1 Harmonyos | 2025-03-18 | 7.5 High |
| Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). | ||||
| CVE-2024-29831 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 8.8 High |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | ||||
| CVE-2022-27892 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | ||||
| CVE-2022-27897 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. | ||||
| CVE-2024-3172 | 1 Google | 1 Chrome | 2025-03-18 | 8.8 High |
| Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-43929 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-03-17 | 4.9 Medium |
| IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. | ||||
| CVE-2023-23009 | 3 Debian, Libreswan, Redhat | 5 Debian Linux, Libreswan, Enterprise Linux and 2 more | 2025-03-17 | 6.5 Medium |
| Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | ||||
| CVE-2024-57960 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-17 | 7.7 High |
| Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2020-16297 | 4 Artifex, Canonical, Debian and 1 more | 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more | 2025-03-14 | 5.5 Medium |
| A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | ||||
| CVE-2024-25090 | 1 Apache | 1 Roller | 2025-03-14 | 5.4 Medium |
| Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | ||||
| CVE-2024-45537 | 1 Apache | 1 Druid | 2025-03-14 | 6.5 Medium |
| Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | ||||
| CVE-2024-25973 | 1 Frentix | 1 Openolat | 2025-03-14 | 5.4 Medium |
| The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser. | ||||
| CVE-2024-27896 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2023-52385 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.2 Medium |
| Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52552 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-27378 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-13 | 6 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | ||||