Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28655 | 1 Apache | 1 Zeppelin | 2025-04-17 | N/A | 6.5 MEDIUM |
| The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | |||||
| CVE-2020-6998 | 1 Rockwellautomation | 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more | 2025-04-17 | N/A | 5.8 MEDIUM |
| The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. | |||||
| CVE-2022-46401 | 1 Microchip | 24 Bm64, Bm64 Firmware, Bm70 and 21 more | 2025-04-17 | N/A | 5.4 MEDIUM |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. | |||||
| CVE-2022-46328 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
| Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | |||||
| CVE-2022-25940 | 1 Lite-server Project | 1 Lite-server | 2025-04-16 | N/A | 7.5 HIGH |
| All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | |||||
| CVE-2025-24970 | 2025-04-16 | N/A | 7.5 HIGH | ||
| Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. | |||||
| CVE-2022-22749 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 4.3 MEDIUM |
| When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. | |||||
| CVE-2024-20758 | 1 Adobe | 2 Commerce, Magento | 2025-04-16 | N/A | 9.0 CRITICAL |
| Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high. | |||||
| CVE-2025-3677 | 2025-04-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. An attack has to be approached locally. | |||||
| CVE-2024-26290 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0. | |||||
| CVE-2023-36505 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-15 | N/A | 6.8 MEDIUM |
| Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24. | |||||
| CVE-2022-34476 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 9.8 CRITICAL |
| ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. | |||||
| CVE-2025-32073 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS).This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43. | |||||
| CVE-2025-32079 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43. | |||||
| CVE-2025-32071 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString()This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43. | |||||
| CVE-2025-32070 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - AJAX Poll Extension: from 1.39 through 1.43. | |||||
| CVE-2025-32069 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43. | |||||
| CVE-2025-32077 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43. | |||||
| CVE-2025-32067 | 2025-04-15 | N/A | N/A | ||
| Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Growth Experiments Extension: from 1.39 through 1.43. | |||||