Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55156 | 2025-03-17 | 5.5 Medium | ||
| An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message. | ||||
| CVE-2024-53311 | 2025-03-17 | 5.5 Medium | ||
| A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size. | ||||
| CVE-2024-53309 | 2025-03-17 | 5.5 Medium | ||
| A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. This can lead to memory corruption, potentially allowing arbitrary code execution or causing a denial of service via specially crafted input. | ||||
| CVE-2024-46550 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-29409 | 2025-03-17 | 5.5 Medium | ||
| File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. | ||||
| CVE-2024-21163 | 1 Oracle | 1 Mysql | 2025-03-17 | 5.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | ||||
| CVE-2024-13126 | 2025-03-17 | 4.6 Medium | ||
| The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. | ||||
| CVE-2023-42948 | 1 Apple | 1 Macos | 2025-03-17 | 3.3 Low |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery. | ||||
| CVE-2023-35859 | 1 Moderncampus | 1 Omni Cms | 2025-03-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | ||||
| CVE-2023-34406 | 2025-03-17 | 3.3 Low | ||
| An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | ||||
| CVE-2023-34404 | 2025-03-17 | 4.9 Medium | ||
| Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability. | ||||
| CVE-2023-26235 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | 6.1 Medium |
| JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. | ||||
| CVE-2023-26234 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | 6.6 Medium |
| JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. | ||||
| CVE-2023-26093 | 1 Puzzle | 1 Liima | 2025-03-17 | 9.8 Critical |
| Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | ||||
| CVE-2023-26092 | 1 Puzzle | 1 Liima | 2025-03-17 | 9.8 Critical |
| Liima before 1.17.28 allows server-side template injection. | ||||
| CVE-2023-23920 | 3 Debian, Nodejs, Redhat | 5 Debian Linux, Node.js, Enterprise Linux and 2 more | 2025-03-17 | 4.2 Medium |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | ||||
| CVE-2023-23296 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2025-03-17 | 6.5 Medium |
| Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. | ||||
| CVE-2023-23295 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2025-03-17 | 8.8 High |
| Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. | ||||
| CVE-2023-21017 | 1 Google | 1 Android | 2025-03-17 | 7.8 High |
| In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884 | ||||
| CVE-2023-21016 | 1 Google | 1 Android | 2025-03-17 | 5.5 Medium |
| In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213905884 | ||||