Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1777 | 1 Skype Technologies | 1 Skype | 2025-04-03 | 5.0 MEDIUM | N/A |
| A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | |||||
| CVE-2005-4560 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
| The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | |||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||
| CVE-1999-0726 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.8 HIGH | N/A |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. | |||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
| CVE-2002-2423 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 6.4 MEDIUM | N/A |
| Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | |||||
| CVE-2006-2782 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 4.3 MEDIUM | N/A |
| Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. | |||||
| CVE-2024-25974 | 1 Frentix | 1 Openolat | 2025-04-02 | N/A | 5.4 MEDIUM |
| The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | |||||
| CVE-2023-23560 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | N/A | 9.8 CRITICAL |
| In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. | |||||
| CVE-2022-47100 | 1 Sengled | 2 Es21-n1eaw, Es21-n1eaw Firmware | 2025-04-02 | N/A | 7.5 HIGH |
| A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame. | |||||
| CVE-2021-43448 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 5.3 MEDIUM |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. | |||||
| CVE-2025-31135 | 2025-04-02 | N/A | 5.3 MEDIUM | ||
| Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7. | |||||
| CVE-2025-31132 | 2025-04-01 | N/A | 8.1 HIGH | ||
| Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10. | |||||
| CVE-2024-27092 | 1 Hoppscotch | 1 Hoppscotch | 2025-04-01 | N/A | 5.4 MEDIUM |
| Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6. | |||||
| CVE-2023-24493 | 1 Tenable | 1 Tenable.sc | 2025-04-01 | N/A | 5.7 MEDIUM |
| A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. | |||||
| CVE-2023-0229 | 1 Redhat | 1 Openshift | 2025-04-01 | N/A | 6.3 MEDIUM |
| A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. | |||||
| CVE-2022-3736 | 1 Isc | 1 Bind | 2025-04-01 | N/A | 7.5 HIGH |
| BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. | |||||
| CVE-2022-45770 | 1 Adguard | 1 Adguard | 2025-03-31 | N/A | 7.8 HIGH |
| Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | |||||
| CVE-2024-20064 | 2 Google, Mediatek | 30 Android, Mt6580, Mt6761 and 27 more | 2025-03-29 | N/A | 7.8 HIGH |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | |||||
| CVE-2024-22054 | 2025-03-27 | N/A | 7.5 HIGH | ||
| A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later. | |||||