Total
11365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34021 | 2025-06-23 | N/A | N/A | ||
| A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. | |||||
| CVE-2025-25038 | 2025-06-23 | N/A | N/A | ||
| An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. | |||||
| CVE-2025-34030 | 2025-06-23 | N/A | N/A | ||
| An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system. | |||||
| CVE-2025-6545 | 2025-06-23 | N/A | N/A | ||
| Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2. | |||||
| CVE-2025-4563 | 2025-06-23 | N/A | 2.7 LOW | ||
| A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. | |||||
| CVE-2025-26413 | 1 Apache | 1 Kvrocks | 2025-06-23 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | |||||
| CVE-2023-47355 | 1 Eyuepcanyilmaz | 1 Root Quick Reboot | 2025-06-20 | N/A | 7.5 HIGH |
| The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | |||||
| CVE-2023-48354 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 5.5 MEDIUM |
| In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-48346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 5.5 MEDIUM |
| In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-42826 | 1 Apple | 1 Macos | 2025-06-20 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. | |||||
| CVE-2023-40394 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-20 | N/A | 3.3 LOW |
| The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data. | |||||
| CVE-2024-3096 | 2 Debian, Php | 2 Debian Linux, Php | 2025-06-18 | N/A | 6.5 MEDIUM |
| In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. | |||||
| CVE-2023-46929 | 1 Gpac | 1 Gpac | 2025-06-18 | N/A | 7.5 HIGH |
| An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | |||||
| CVE-2024-37917 | 1 Pexip | 1 Pexip Infinity | 2025-06-18 | N/A | 7.5 HIGH |
| Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. | |||||
| CVE-2025-30080 | 1 Pexip | 1 Pexip Infinity | 2025-06-18 | N/A | 7.5 HIGH |
| Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). | |||||
| CVE-2025-1088 | 2025-06-18 | N/A | 2.7 LOW | ||
| In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher. | |||||
| CVE-2024-39780 | 2025-06-18 | N/A | 7.8 HIGH | ||
| A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | |||||
| CVE-2022-1471 | 1 Snakeyaml Project | 1 Snakeyaml | 2025-06-18 | N/A | 8.3 HIGH |
| SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond. | |||||
| CVE-2025-49081 | 1 Absolute | 1 Secure Access | 2025-06-17 | N/A | 4.9 MEDIUM |
| There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high. | |||||
| CVE-2024-32371 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | |||||