Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-49510 | 1 Linux | 1 Linux Kernel | 2025-03-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/omap: fix NULL but dereferenced coccicheck error Fix the following coccicheck warning: ./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULL but dereferenced. Here should be ovl->idx rather than r_ovl->idx. | ||||
| CVE-2022-49514 | 1 Linux | 1 Linux Kernel | 2025-03-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. | ||||
| CVE-2022-49516 | 1 Linux | 1 Linux Kernel | 2025-03-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as if handling messages during a reset where the VSI is being removed and recreated. Several places throughout the driver do not bother to check whether this VSI pointer is valid. Static analysis tools maybe report issues because they detect paths where a potentially NULL pointer could be dereferenced. Fix this by checking the return value of ice_get_vf_vsi everywhere. | ||||
| CVE-2025-2348 | 2025-03-17 | 4.3 Medium | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-0241 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | 6.5 Medium |
| pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database. | ||||
| CVE-2022-0959 | 1 Pgadmin | 1 Pgadmin 4 | 2025-03-17 | 6.5 Medium |
| A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | ||||
| CVE-2025-2349 | 2025-03-17 | 3.1 Low | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3116 | 3 Fedoraproject, Pgadmin, Postgresql | 3 Fedora, Pgadmin 4, Pgadmin 4 | 2025-03-17 | 7.4 High |
| pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | ||||
| CVE-2023-5002 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | 6 Medium |
| A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | ||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | 6.1 Medium |
| Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | ||||
| CVE-2024-9055 | 2025-03-17 | 4.2 Medium | ||
| The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack. | ||||
| CVE-2025-0595 | 2025-03-17 | 8.7 High | ||
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0596 | 2025-03-17 | 8.7 High | ||
| A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0598 | 2025-03-17 | 8.7 High | ||
| A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-2350 | 2025-03-17 | 6.3 Medium | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2368 | 2025-03-17 | 6.3 Medium | ||
| A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-2369 | 2025-03-17 | 8.8 High | ||
| A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30089 | 2025-03-17 | 5.4 Medium | ||
| gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences. | ||||
| CVE-2025-30077 | 2025-03-17 | 6.2 Medium | ||
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits. | ||||
| CVE-2025-30076 | 2025-03-17 | 7.7 High | ||
| Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. | ||||