Total
291487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46379 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-46378 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-46377 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-46376 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-46375 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-46374 | | | 2025-04-24 | N/A | N/A |
Rejected reason: Not used | |||||
CVE-2025-1976 | | | 2025-04-24 | N/A | N/A |
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | |||||
CVE-2025-46419 | | | 2025-04-24 | N/A | 5.9 MEDIUM |
Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. | |||||
CVE-2025-27581 | | | 2025-04-24 | N/A | 4.3 MEDIUM |
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. | |||||
CVE-2025-27580 | | | 2025-04-24 | N/A | 7.5 HIGH |
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators. | |||||
CVE-2025-25046 | | | 2025-04-23 | N/A | 3.7 LOW |
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | |||||
CVE-2025-25045 | | | 2025-04-23 | N/A | 4.3 MEDIUM |
IBM InfoSphere Information 11.7 Server could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | |||||
CVE-2024-58251 | | | 2025-04-23 | N/A | 2.5 LOW |
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. | |||||
CVE-2024-22351 | | | 2025-04-23 | N/A | 6.3 MEDIUM |
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
CVE-2025-3378 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component EPRT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3374 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component CCC Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3162 | 1 Internlm | 1 Lmdeploy | 2025-04-23 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2946 | 1 Pgadmin | 1 Pgadmin 4 | 2025-04-23 | N/A | 9.1 CRITICAL |
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting (XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser. | |||||
CVE-2025-32464 | | | 2025-04-23 | N/A | 6.8 MEDIUM |
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. | |||||
CVE-2021-36471 | 1 Adminlte.io | 1 Adminlte | 2025-04-23 | N/A | 9.8 CRITICAL |
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. Note: AdminLTE developers dispute that this is a weakness with AdminLTE and is instead a misconfiguration error on various websites by the website developers. |