Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2609 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-03-14 | 6.1 Medium |
| The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||||
| CVE-2024-21179 | 1 Oracle | 1 Mysql Server | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2023-7261 | 1 Google | 3 Chrome, Omaha, Updater | 2025-03-14 | 7.3 High |
| Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2023-48957 | 1 Purevpn | 1 Purevpn | 2025-03-14 | 5.3 Medium |
| PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. | ||||
| CVE-2023-37057 | 1 Jlink | 1 Ax1800 | 2025-03-14 | 9.8 Critical |
| An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. | ||||
| CVE-2018-14847 | 1 Mikrotik | 1 Routeros | 2025-03-14 | 9.1 Critical |
| MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | ||||
| CVE-2018-11138 | 1 Quest | 1 Kace System Management Appliance | 2025-03-14 | 9.8 Critical |
| The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | ||||
| CVE-2018-6882 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-03-14 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | ||||
| CVE-2018-6789 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2025-03-14 | 9.8 Critical |
| An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | ||||
| CVE-2017-1000486 | 1 Primetek | 1 Primefaces | 2025-03-14 | 9.8 Critical |
| Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | ||||
| CVE-2017-11357 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-03-14 | 9.8 Critical |
| Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | ||||
| CVE-2017-9248 | 2 Progress, Telerik | 2 Sitefinity, Ui For Asp.net Ajax | 2025-03-14 | 9.8 Critical |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | ||||
| CVE-2024-57727 | 1 Simple-help | 1 Simplehelp | 2025-03-14 | 7.5 High |
| SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | ||||
| CVE-2023-28461 | 1 Arraynetworks | 14 Ag1000, Ag1000t, Ag1000v5 and 11 more | 2025-03-14 | 9.8 Critical |
| Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." | ||||
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-03-14 | 8.8 High |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | ||||
| CVE-2022-44877 | 1 Control-webpanel | 1 Webpanel | 2025-03-14 | 9.8 Critical |
| login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | ||||
| CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2025-03-14 | 9.8 Critical |
| D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||||
| CVE-2022-29499 | 1 Mitel | 1 Mivoice Connect | 2025-03-14 | 9.8 Critical |
| The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. | ||||
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2025-03-14 | 9.8 Critical |
| The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | ||||
| CVE-2022-26318 | 1 Watchguard | 1 Fireware | 2025-03-14 | 9.8 Critical |
| On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||