Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-25872 | | | 2025-03-19 | 5.5 Medium |
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function. | | | | |
CVE-2025-25871 | | | 2025-03-19 | 8 High |
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function. | | | | |
CVE-2025-25650 | | | 2025-03-19 | 9.1 Critical |
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication. | | | | |
CVE-2025-25625 | | | 2025-03-19 | 5.4 Medium |
A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores unsanitized HTML and JavaScript on the device. Pages which then present the user name without encoding special characters will then cause the injected code to be parsed by the browsers of other users accessing the web interface. | | | | |
CVE-2025-25590 | | | 2025-03-19 | 6.1 Medium |
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | | | | |
CVE-2025-25586 | | | 2025-03-19 | 4.2 Medium |
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. | | | | |
CVE-2025-25585 | | | 2025-03-19 | 7.3 High |
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. | | | | |
CVE-2025-25582 | | | 2025-03-19 | 6.1 Medium |
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. | | | | |
CVE-2025-25580 | | | 2025-03-19 | 6.1 Medium |
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. | | | | |
CVE-2025-25568 | | | 2025-03-19 | 9.8 Critical |
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. | | | | |
CVE-2025-25567 | | | 2025-03-19 | 9.8 Critical |
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. | | | | |
CVE-2025-25565 | | | 2025-03-19 | 9.8 Critical |
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. | | | | |
CVE-2025-25363 | | | 2025-03-19 | 6.5 Medium |
An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in context of a user's browser via injecting a crafted payload into the HTML field of a template. | | | | |
CVE-2025-22907 | | | 2025-03-19 | 9.8 Critical |
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. | | | | |
CVE-2025-0443 | | | 2025-03-19 | 8.8 High |
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | | | | |
CVE-2024-7631 | 1 Redhat | 1 Openshift | 2025-03-19 | 4.3 Medium |
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112. Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths. | | | | |
CVE-2024-57151 | | | 2025-03-19 | 6.8 Medium |
SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function. | | | | |
CVE-2024-57081 | | | 2025-03-19 | 7.5 High |
A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | | | | |
CVE-2024-57062 | | | 2025-03-19 | 6.7 Medium |
An issue in SoundCloud iOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. | | | | |
CVE-2024-55215 | | | 2025-03-19 | 9.8 Critical |
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | | | | |