Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28457 | 1 Technitium | 1 Dnsserver | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful. | |||||
| CVE-2023-28456 | 1 Technitium | 1 Dnsserver | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS. | |||||
| CVE-2023-28455 | 1 Technitium | 1 Dnsserver | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS. | |||||
| CVE-2023-28451 | 1 Technitium | 1 Dnsserver | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID. | |||||
| CVE-2023-51316 | 1 Phpjabbers | 1 Bus Reservation System | 2025-04-22 | N/A | 7.5 HIGH |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2025-28242 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
| Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-28238 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
| Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-28237 | 2025-04-22 | N/A | 8.8 HIGH | ||
| An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. | |||||
| CVE-2025-28197 | 2025-04-22 | N/A | 9.1 CRITICAL | ||
| Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. | |||||
| CVE-2024-57493 | 2025-04-22 | N/A | 5.5 MEDIUM | ||
| An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function. | |||||
| CVE-2022-46122 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. | |||||
| CVE-2022-46121 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. | |||||
| CVE-2022-46120 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. | |||||
| CVE-2022-46119 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. | |||||
| CVE-2022-46118 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. | |||||
| CVE-2022-44898 | 1 Asus | 1 Aura Sync | 2025-04-22 | N/A | 7.8 HIGH |
| The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. | |||||
| CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||||
| CVE-2022-42814 | 1 Apple | 1 Macos | 2025-04-22 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2022-42813 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. | |||||
| CVE-2022-3115 | 1 Linux | 1 Linux Kernel | 2025-04-22 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | |||||