Total: 316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43335 | | | 2025-11-04 | N/A | 5.5 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-12108 | | | 2025-11-04 | N/A | N/A |
| The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check. | |||||
| CVE-2024-3159 | 1 Google | 1 Chrome | 2025-11-04 | N/A | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3158 | 1 Google | 1 Chrome | 2025-11-04 | N/A | 8.8 HIGH |
| Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3156 | 1 Google | 1 Chrome | 2025-11-04 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-31705 | | | 2025-11-04 | N/A | 9.8 CRITICAL |
| An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. | |||||
| CVE-2024-31309 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2025-11-04 | N/A | 7.5 HIGH |
| An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue. | |||||
| CVE-2024-31142 | | | 2025-11-04 | N/A | 7.5 HIGH |
| Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html | |||||
| CVE-2024-30929 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 8.0 HIGH |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php | |||||
| CVE-2024-30928 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 8.1 HIGH |
| SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc | |||||
| CVE-2024-30927 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 6.3 MEDIUM |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | |||||
| CVE-2024-30926 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 4.6 MEDIUM |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | |||||
| CVE-2024-30925 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 6.5 MEDIUM |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | |||||
| CVE-2024-30924 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 4.6 MEDIUM |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. | |||||
| CVE-2024-30923 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | |||||
| CVE-2024-30922 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | |||||
| CVE-2024-30921 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | |||||
| CVE-2024-30920 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 7.4 HIGH |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | |||||
| CVE-2024-30255 | 1 Envoyproxy | 1 Envoy | 2025-11-04 | N/A | 5.3 MEDIUM |
| Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable the HTTP/2 protocol for downstream connections. | |||||
| CVE-2024-2653 | | | 2025-11-04 | N/A | 8.2 HIGH |
| amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. | |||||
