Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33768 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 9.8 CRITICAL |
| lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | |||||
| CVE-2024-57720 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 6.5 MEDIUM |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. | |||||
| CVE-2024-57721 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 6.5 MEDIUM |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. | |||||
| CVE-2024-57723 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 6.5 MEDIUM |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. | |||||
| CVE-2024-55456 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 6.5 MEDIUM |
| lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell | |||||
| CVE-2025-3086 | 2025-04-07 | N/A | N/A | ||
| Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service | |||||
| CVE-2025-1974 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2024-35425 | 2025-03-24 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c. | |||||
| CVE-2025-29781 | 2025-03-18 | N/A | 6.5 MEDIUM | ||
| The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription`. Prior to versions 0.8.1 and 0.9.1, an adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a `BMCEventSubscription` in his authorized namespace and then load Secrets from his unauthorized namespaces to his authorized namespace via the Baremetal Operator, causing Secret Leakage. The patch makes BMO refuse to read Secrets from other namespace than where the corresponding BMH resource is. The patch does not change the `BMCEventSubscription` API in BMO, but stricter validation will fail the request at admission time. It will also prevent the controller reading such Secrets, in case the BMCES CR has already been deployed. The issue exists for all versions of BMO, and is patched in BMO releases v0.9.1 and v0.8.1. Prior upgrading to patched BMO version, duplicate any existing Secret pointed to by `BMCEventSubscription`'s `httpHeadersRef` to the same namespace where the corresponding BMH exists. After upgrade, remove the old Secrets. As a workaround, the operator can configure BMO RBAC to be namespace scoped, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces, and/or use `WATCH_NAMESPACE` configuration option to limit BMO to single namespace. | |||||
| CVE-2025-26393 | 2025-03-17 | N/A | 5.4 MEDIUM | ||
| SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. | |||||
| CVE-2025-21590 | 1 Juniper | 1 Junos | 2025-03-14 | N/A | 4.4 MEDIUM |
| An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2. | |||||
| CVE-2025-24986 | 2025-03-11 | N/A | 6.5 MEDIUM | ||
| Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2023-1305 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2025-02-26 | N/A | 8.1 HIGH |
| An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | |||||
| CVE-2023-29580 | 1 Yasm Project | 1 Yasm | 2025-02-08 | N/A | 5.5 MEDIUM |
| yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | |||||
| CVE-2024-0137 | 2025-01-28 | N/A | 5.5 MEDIUM | ||
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. | |||||
| CVE-2024-0136 | 2025-01-28 | N/A | 7.6 HIGH | ||
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2024-0135 | 2025-01-28 | N/A | 7.6 HIGH | ||
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2024-47520 | 2025-01-10 | N/A | 7.6 HIGH | ||
| A user with advanced report application access rights can perform actions for which they are not authorized | |||||
| CVE-2024-53855 | 2024-11-27 | N/A | 1.9 LOW | ||
| Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a "ticket type" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended. | |||||
| CVE-2024-30388 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3. | |||||