Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21551 | 1 Oracle | 1 Solaris | 2025-03-13 | 6 Medium |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). | ||||
| CVE-2025-0588 | 2025-03-13 | N/A | ||
| In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly unusable. The user would be able to subsequently set and unset the referrer header to control the denial of service state with a valid CSRF token whilst new CSRF tokens could not be generated. | ||||
| CVE-2024-9420 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-03-13 | 8.8 High |
| A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | ||||
| CVE-2024-56946 | 2025-03-13 | 5.3 Medium | ||
| Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. | ||||
| CVE-2024-55897 | 2025-03-13 | 4.3 Medium | ||
| IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2024-52677 | 1 Hkcms | 1 Hkcms | 2025-03-13 | 9.8 Critical |
| HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. | ||||
| CVE-2024-50653 | 1 Crmeb | 1 Crmeb | 2025-03-13 | 7.5 High |
| CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection. | ||||
| CVE-2024-48991 | 1 Needrestart Project | 1 Needrestart | 2025-03-13 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3). | ||||
| CVE-2024-48007 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-03-13 | 5.3 Medium |
| Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data. | ||||
| CVE-2024-47485 | 1 Hikvision | 2 Hikcentral Master, Hikcentral Master Lite | 2025-03-13 | 9.8 Critical |
| There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. | ||||
| CVE-2024-46586 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46565 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46453 | 1 Honeywell | 2 Iq3xcite, Iq3xcite Firmware | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-46264 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-13 | 7.8 High |
| cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | ||||
| CVE-2024-45269 | 1 Majeedraza | 1 Carousel Slider | 2025-03-13 | 4.3 Medium |
| WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. | ||||
| CVE-2024-44193 | 1 Apple | 1 Itunes | 2025-03-13 | 8.4 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-03-13 | 9.8 Critical |
| Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | ||||
| CVE-2024-42918 | 1 Adonesevangelista | 1 Online Accreditation Management System | 2025-03-13 | 5.4 Medium |
| itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php. | ||||
| CVE-2024-42778 | 1 Lopalopa | 1 Music Management System | 2025-03-13 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42009 | 1 Roundcube | 1 Webmail | 2025-03-13 | 9.3 Critical |
| A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | ||||