Total: 291487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2541 | 1 Sony | 1 Playstation 3 | 2025-04-23 | 7.8 HIGH | 7.5 HIGH |
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
CVE-2008-2991 | 1 Adobe | 1 Robohelp Server | 2025-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. | |||||
CVE-2008-0642 | 1 Adobe | 1 Robohelp | 2025-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | |||||
CVE-2001-0827 | 1 Grant Averett | 1 Ceberus Ftp Server | 2025-04-23 | 5.0 MEDIUM | 7.5 HIGH |
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. | |||||
CVE-2025-30305 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-23 | N/A | 5.5 MEDIUM |
XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-43014 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 6.1 MEDIUM |
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. | |||||
CVE-2024-40507 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | |||||
CVE-2024-40508 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | |||||
CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | |||||
CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | |||||
CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | |||||
CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3163 | 1 Internlm | 1 Lmdeploy | 2025-04-23 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-43013 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 6.9 MEDIUM |
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible. | |||||
CVE-2025-42921 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 4.2 MEDIUM |
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin. | |||||
CVE-2025-3164 | 1 Tencentmusic | 1 Supersonic | 2025-04-23 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-46393 | | | 2025-04-23 | N/A | 2.9 LOW |
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). | |||||
CVE-2025-28036 | | | 2025-04-23 | N/A | 9.8 CRITICAL |
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
CVE-2025-28035 | | | 2025-04-23 | N/A | 9.8 CRITICAL |
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
CVE-2025-28034 | | | 2025-04-23 | N/A | 9.8 CRITICAL |
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. |