Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-21137 | (2) Oracle, Redhat | (2) Mysql, Enterprise Linux | 2025-03-14 | 4.9 Medium | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2024-1694 | (2) Google, Microsoft | (3) Omaha, Updater, Windows | 2025-03-14 | 7.8 High | Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High) |
CVE-2023-7233 | (1) Tri | (1) Gigpress | 2025-03-14 | 4.8 Medium | The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
CVE-2023-26267 | (1) Php-saml-sp Project | (1) Php-saml-sp | 2025-03-14 | 6.5 Medium | php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD \| \LIBXML_DTDATTR. |
CVE-2023-26266 | (1) Afl++ Project | (1) Afl++ | 2025-03-14 | 7.3 High | In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. |
CVE-2023-26265 | (1) Borg Project | (1) Borg | 2025-03-14 | 5.3 Medium | The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. |
CVE-2023-26253 | (1) Gluster | (1) Glusterfs | 2025-03-14 | 7.5 High | In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. |
CVE-2023-26249 | (1) Nic | (1) Knot Resolver | 2025-03-14 | 7.5 High | Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. |
CVE-2023-24184 | (1) Totolink | (2) A7100ru, A7100ru Firmware | 2025-03-14 | 9.8 Critical | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. |
CVE-2023-24081 | (1) Go-redrock | (1) Tutortrac | 2025-03-14 | 5.4 Medium | Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. |
CVE-2023-24080 | (1) Chamberlain | (1) Myq | 2025-03-14 | 9.8 Critical | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. |
CVE-2023-0559 | (1) Gsplugins | (1) Gs Portfolio For Envato | 2025-03-14 | 5.4 Medium | The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
CVE-2023-0380 | (1) Sandhillsdev | (1) Easy Digital Downloads | 2025-03-14 | 5.4 Medium | The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
CVE-2023-0271 | (1) Wp Font Awesome Project | (1) Wp Font Awesome | 2025-03-14 | 5.4 Medium | The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
CVE-2022-4785 | (1) Video Sidebar Widgets Project | (1) Video Sidebar Widgets | 2025-03-14 | 5.4 Medium | The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
CVE-2022-48340 | (1) Gluster | (1) Glusterfs | 2025-03-14 | 7.5 High | In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. |
CVE-2022-46637 | (1) Prolink2u | (2) Prs1841, Prs1841 Firmware | 2025-03-14 | 9.8 Critical | Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. |
CVE-2022-45677 | (1) Tuition Management System Project | (1) Tuition Management System | 2025-03-14 | 9.8 Critical | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. |
CVE-2019-25211 | (2) Gin-contrib, Redhat | (2) Cors, Rhmt | 2025-03-14 | 9.1 Critical | parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed. |
CVE-2018-25099 | (1) Dcit | (1) Perl-cryptx | 2025-03-14 | 9.8 Critical | In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. |