Total
12142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27366 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-03-25 | 4.4 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read. | ||||
| CVE-2024-21742 | 1 Apache | 1 James Mime4j | 2025-03-25 | 5.3 Medium |
| Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. | ||||
| CVE-2025-30213 | 2025-03-25 | N/A | ||
| Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required. | ||||
| CVE-2022-38778 | 2 Decode-uri-component Project, Elastic | 2 Decode-uri-component, Kibana | 2025-03-25 | 6.5 Medium |
| A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | ||||
| CVE-2023-0751 | 1 Freebsd | 1 Freebsd | 2025-03-25 | 6.5 Medium |
| When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | ||||
| CVE-2022-34350 | 1 Ibm | 1 Api Connect | 2025-03-25 | 5.3 Medium |
| IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. | ||||
| CVE-2025-24513 | 2025-03-25 | 4.8 Medium | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. | ||||
| CVE-2024-27612 | 2025-03-24 | 6.2 Medium | ||
| Numbas editor before 7.3 mishandles editing of themes and extensions. | ||||
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2025-03-24 | 9.1 Critical |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-21304 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-03-24 | 4.1 Medium |
| Trusted Compute Base Elevation of Privilege Vulnerability | ||||
| CVE-2023-21428 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. | ||||
| CVE-2022-45088 | 1 Gruparge | 1 Smartpower Web | 2025-03-24 | 9.8 Critical |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2023-21446 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | ||||
| CVE-2023-21451 | 1 Samsung | 1 Android | 2025-03-24 | 6.7 Medium |
| A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. | ||||
| CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2025-03-24 | 3.3 Low |
| Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | ||||
| CVE-2023-21439 | 1 Samsung | 1 Android | 2025-03-24 | 8.5 High |
| Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2023-24569 | 1 Dell | 1 Alienware Command Center | 2025-03-24 | 7.8 High |
| Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. | ||||
| CVE-2024-58084 | 1 Linux | 1 Linux Kernel | 2025-03-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitq completion variable initialization") introduced a write barrier in probe function to store global '__scm' variable. We all known barriers are paired (see memory-barriers.txt: "Note that write barriers should normally be paired with read or address-dependency barriers"), therefore accessing it from concurrent contexts requires read barrier. Previous commit added such barrier in qcom_scm_is_available(), so let's use that directly. Lack of this read barrier can result in fetching stale '__scm' variable value, NULL, and dereferencing it. Note that barrier in qcom_scm_is_available() satisfies here the control dependency. | ||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | 8.8 High |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | ||||
| CVE-2025-23204 | 2025-03-24 | 4.4 Medium | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue. | ||||