Total: 291487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-57672 | 1 Projectfloodlight | 1 Floodlight | 2025-04-23 | N/A | 5.5 MEDIUM |
An issue in Floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, TopologyInstance module, and Routing module. | |||||
CVE-2024-57673 | 1 Projectfloodlight | 1 Floodlight | 2025-04-23 | N/A | 5.5 MEDIUM |
An issue in Floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. | |||||
CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-57369 | 1 Typecho | 1 Typecho | 2025-04-23 | N/A | 6.4 MEDIUM |
Clickjacking vulnerability in typecho v1.2.1. | |||||
CVE-2024-55000 | 1 Mayurik | 1 House Rental Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. | |||||
CVE-2024-56116 | 1 Amiro | 1 Amiro.cms | 2025-04-23 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. | |||||
CVE-2024-56115 | 1 Amiro | 1 Amiro.cms | 2025-04-23 | N/A | 6.1 MEDIUM |
A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. | |||||
CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-32839 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50330 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 9.8 CRITICAL |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | |||||
CVE-2024-43437 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
A flaw was found in Moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | |||||
CVE-2024-43439 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
A flaw was found in Moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk. | |||||
CVE-2024-32844 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2025-46400 | | | 2025-04-23 | N/A | 7.1 HIGH |
A segmentation fault in fig2dev version 3.2.9a allows an attacker to impact availability via local input manipulation in the read_arcobject function. | |||||
CVE-2025-46399 | | | 2025-04-23 | N/A | 7.1 HIGH |
A segmentation fault in fig2dev version 3.2.9a allows an attacker to impact availability via local input manipulation in the genge_itp_spline function. | |||||
CVE-2025-46398 | | | 2025-04-23 | N/A | 7.1 HIGH |
A stack overflow in fig2dev version 3.2.9a allows an attacker to possibly achieve code execution via local input manipulation in the read_objects function. | |||||
CVE-2025-46397 | | | 2025-04-23 | N/A | 7.1 HIGH |
A stack overflow in fig2dev version 3.2.9a allows an attacker to possibly achieve code execution via local input manipulation in the bezier_spline function. | |||||
CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-23 | N/A | 2.7 LOW |
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | |||||
CVE-2022-23143 | 1 Zte | 2 Otcp, Otcp Firmware | 2025-04-23 | N/A | 6.5 MEDIUM |
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | |||||
CVE-2025-32818 | | | 2025-04-23 | N/A | 7.5 HIGH |
A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. |