Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35247 | 1 Solarwinds | 1 Serv-u | 2025-10-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U. | |||||
| CVE-2025-26780 | 1 Samsung | 4 Exynos 2400, Exynos 2400 Firmware, Modem 5400 and 1 more | 2025-10-27 | N/A | 7.5 HIGH |
| An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet. | |||||
| CVE-2025-8876 | 1 N-able | 1 N-central | 2025-10-27 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. | |||||
| CVE-2025-11938 | 1 Churchcrm | 1 Churchcrm | 2025-10-27 | 5.1 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. The attack may be initiated remotely. The attack's complexity is rated as high. It is stated that the exploitability is difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12284 | 2025-10-27 | N/A | N/A | ||
| Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-12285 | 2025-10-27 | N/A | N/A | ||
| Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-12275 | 2025-10-27 | N/A | N/A | ||
| Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-11497 | 2025-10-27 | N/A | 4.3 MEDIUM | ||
| The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBc_prepare_elements_to_clean() function. This makes it possible for unauthenticated attackers to alter the keep last setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-12278 | 2025-10-27 | N/A | N/A | ||
| Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-55679 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-24 | N/A | 5.1 MEDIUM |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2025-10-24 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
| CVE-2022-3075 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | N/A | 9.6 CRITICAL |
| Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-10-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | |||||
| CVE-2023-2868 | 1 Barracuda | 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more | 2025-10-24 | N/A | 9.4 CRITICAL |
| A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. | |||||
| CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-10-24 | N/A | 9.8 CRITICAL |
| Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
| CVE-2023-41061 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-10-23 | N/A | 7.8 HIGH |
| A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2020-0041 | 1 Google | 1 Android | 2025-10-23 | 7.2 HIGH | 7.8 HIGH |
| In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel | |||||
| CVE-2022-24086 | 1 Adobe | 2 Commerce, Magento | 2025-10-23 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | |||||
| CVE-2024-6436 | 1 Rockwellautomation | 1 Sequencemanager | 2025-10-22 | N/A | 6.5 MEDIUM |
| An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted. | |||||
| CVE-2013-6282 | 1 Linux | 1 Linux Kernel | 2025-10-22 | 7.2 HIGH | 8.8 HIGH |
| The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. | |||||