Vulnerabilities (CVE)

Filtered by CWE-20
Total 11506 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40394 1 Apple 2 Ipados, Iphone Os 2025-06-20 N/A 3.3 LOW
The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data.
CVE-2023-46929 1 Gpac 1 Gpac 2025-06-18 N/A 7.5 HIGH
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.
CVE-2024-37917 1 Pexip 1 Pexip Infinity 2025-06-18 N/A 7.5 HIGH
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
CVE-2025-30080 1 Pexip 1 Pexip Infinity 2025-06-18 N/A 7.5 HIGH
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
CVE-2025-1088 2025-06-18 N/A 2.7 LOW
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to an Improper Input Validation vulnerability. This issue affects Grafana before 11.6.2 and is fixed in 11.6.2 and higher.
CVE-2022-1471 1 Snakeyaml Project 1 Snakeyaml 2025-06-18 N/A 8.3 HIGH
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CVE-2025-49081 1 Absolute 1 Secure Access 2025-06-17 N/A 4.9 MEDIUM
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.
CVE-2024-32371 1 Hsclabs 1 Mailinspector 2025-06-17 N/A 7.5 HIGH
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.
CVE-2024-21507 1 Sidorares 1 Mysql2 2025-06-17 N/A 6.5 MEDIUM
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
CVE-2023-50694 1 Dom96 1 Httpbeast 2025-06-17 N/A 9.8 CRITICAL
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a maliciously crafted request due to insufficient parsing in the parser.nim component.
CVE-2024-33792 1 Netis-systems 2 Mex605, Mex605 Firmware 2025-06-17 N/A 9.8 CRITICAL
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.
CVE-2025-4905 1 Washington 1 Basestation 2025-06-12 4.3 MEDIUM 5.3 MEDIUM
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far.
CVE-2025-3116 2025-06-12 N/A 6.5 MEDIUM
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends a specially malformed HTTPS request containing improperly formatted body data to the controller.
CVE-2025-3898 2025-06-12 N/A 6.5 MEDIUM
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends an HTTPS request containing an invalid data type to the webserver.
CVE-2025-0037 2025-06-12 N/A 6.6 MEDIUM
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
CVE-2025-4680 2025-06-12 N/A N/A
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-0052 2025-06-12 N/A N/A
Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
CVE-2025-0051 2025-06-12 N/A N/A
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
CVE-2024-1244 2025-06-12 N/A N/A
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
CVE-2023-45163 1 1e 1 Platform 2025-06-12 N/A 9.9 CRITICAL
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue, download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI.