Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0360 | 2025-03-26 | 7.8 High | ||
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API. | ||||
| CVE-2024-27680 | 1 Flusity | 1 Flusity | 2025-03-26 | 6.1 Medium |
| Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." | ||||
| CVE-2023-52461 | 1 Linux | 1 Linux Kernel | 2025-03-26 | 5.3 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the expression which sets this limit. | ||||
| CVE-2025-1703 | 2025-03-26 | 6.4 Medium | ||
| The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-9355 | 1 Redhat | 21 Amq Streams, Ansible Automation Platform, Container Native Virtualization and 18 more | 2025-03-26 | 6.5 Medium |
| A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. | ||||
| CVE-2024-1725 | 1 Redhat | 6 Openshift, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more | 2025-03-26 | 6.5 Medium |
| A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node. | ||||
| CVE-2024-1013 | 2 Redhat, Unixodbc | 2 Enterprise Linux, Unixodbc | 2025-03-26 | 7.8 High |
| An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. | ||||
| CVE-2024-10033 | 1 Redhat | 6 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 3 more | 2025-03-26 | 6.1 Medium |
| A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. | ||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | ||||
| CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | ||||
| CVE-2024-58104 | 2025-03-26 | 7.3 High | ||
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-58105 | 2025-03-26 | 7.3 High | ||
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-0927 | 2025-03-26 | 7.8 High | ||
| Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. | ||||
| CVE-2025-1828 | 2025-03-26 | 8.8 High | ||
| Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default. | ||||
| CVE-2024-7316 | 2025-03-25 | 5.9 Medium | ||
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | ||||
| CVE-2025-29789 | 2025-03-25 | N/A | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue. | ||||
| CVE-2024-55029 | 2025-03-25 | N/A | ||
| NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2023-25193 | 3 Fedoraproject, Harfbuzz Project, Redhat | 8 Fedora, Harfbuzz, Enterprise Linux and 5 more | 2025-03-25 | 7.5 High |
| hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | ||||
| CVE-2023-24138 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-25 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | ||||
| CVE-2023-0661 | 1 Devolutions | 1 Devolutions Server | 2025-03-25 | 6.5 Medium |
| Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | ||||