Total: 10227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25255 | 1 Yandex | 1 Yandex Browser | 2025-06-10 | N/A | 7.5 HIGH |
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. | |||||
CVE-2025-27131 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 6.1 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through improper input. | |||||
CVE-2025-27242 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 3.3 LOW |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through improper input. | |||||
CVE-2018-1000168 | 3 Debian, Nghttp2, Nodejs | 3 Debian Linux, Nghttp2, Node.js | 2025-06-09 | 5.0 MEDIUM | 7.5 HIGH |
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | |||||
CVE-2017-12652 | 2 Libpng, Netapp | 2 Libpng, Active Iq Unified Manager | 2025-06-09 | 7.5 HIGH | 9.8 CRITICAL |
libpng before 1.6.32 does not properly check the length of chunks against the user limit. | |||||
CVE-2016-2781 | 1 Gnu | 1 Coreutils | 2025-06-09 | 2.1 LOW | 4.6 MEDIUM |
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||||
CVE-2022-42012 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | |||||
CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 4 Debian Linux, Gzip, Jboss Data Grid and 1 more | 2025-06-09 | N/A | 8.8 HIGH |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | |||||
CVE-2025-5680 | | | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5679 | | | 2025-06-05 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-22027 | 1 Ays-pro | 1 Quiz Maker | 2025-06-05 | N/A | 6.5 MEDIUM |
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | |||||
CVE-2022-20392 | 1 Google | 1 Android | 2025-06-05 | N/A | 7.8 HIGH |
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-213323615 | |||||
CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-04 | 2.1 LOW | 2.1 LOW |
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
CVE-2024-50305 | 1 Apache | 1 Traffic Server | 2025-06-04 | N/A | 7.5 HIGH |
Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | |||||
CVE-2025-1701 | | | 2025-06-04 | N/A | N/A |
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3 | |||||
CVE-2025-5499 | | | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-5552 | | | 2025-06-04 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5498 | | | 2025-06-04 | 6.5 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2024-38479 | 1 Apache | 1 Traffic Server | 2025-06-03 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | |||||
CVE-2024-31309 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2025-06-03 | N/A | 7.5 HIGH |
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue. |