Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52342 | 2 Google, Unisoc | 5 Android, S8000 Firmware, T760 Firmware and 2 more | 2025-03-13 | 7.5 High |
| In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-35006 | 1 Ibm | 2 Cpe, Security Qradar Edr | 2025-03-13 | 5.4 Medium |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165. | ||||
| CVE-2023-30309 | 2025-03-13 | 5.7 Medium | ||
| An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2016-20022 | 2025-03-13 | 8.4 High | ||
| In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier. | ||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 7.6 High |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | ||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 6 Medium |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | ||||
| CVE-2024-21148 | 1 Oracle | 1 E-business Suite | 2025-03-13 | 4.8 Medium |
| Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-12876 | 1 Uxper | 1 Golo | 2025-03-13 | 9.8 Critical |
| The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2024-50282 | 1 Linux | 1 Linux Kernel | 2025-03-13 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434) | ||||
| CVE-2024-53061 | 1 Linux | 1 Linux Kernel | 2025-03-13 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment. | ||||
| CVE-2024-37398 | 1 Ivanti | 1 Secure Access Client | 2025-03-13 | 7.8 High |
| Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-13431 | 1 Nsquared | 1 Appointment Booking Calendar | 2025-03-13 | 6.1 Medium |
| The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-21092 | 1 Oracle | 1 Agile Product Lifecycle Management For Process | 2025-03-13 | 8.1 High |
| Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-13781 | 1 Heroplugins | 1 Hero Maps Premium | 2025-03-13 | 6.5 Medium |
| The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-13904 | 1 Platformly | 1 Platform.ly For Woocommerce | 2025-03-13 | 5.3 Medium |
| The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-30592 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 8.0 High |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | ||||
| CVE-2024-30591 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 8.8 High |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | ||||
| CVE-2024-30590 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 6.5 Medium |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | ||||
| CVE-2024-30589 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 9.8 Critical |
| Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. | ||||
| CVE-2024-30588 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | 4.3 Medium |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | ||||