Total
10391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42661 | 1 Jfrog | 1 Artifactory | 2025-03-11 | N/A | 7.2 HIGH |
| JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts. | |||||
| CVE-2025-27494 | 2025-03-11 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-27493 | 2025-03-11 | N/A | 8.2 HIGH | ||
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-0660 | 2025-03-10 | N/A | N/A | ||
| Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting. | |||||
| CVE-2023-27373 | 1 Insyde | 1 Insydeh2o | 2025-03-07 | N/A | 5.5 MEDIUM |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. | |||||
| CVE-2024-53031 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2025-03-07 | N/A | 7.8 HIGH |
| Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. | |||||
| CVE-2024-53030 | 1 Qualcomm | 88 Msm8996au, Msm8996au Firmware, Qam8255p and 85 more | 2025-03-07 | N/A | 7.8 HIGH |
| Memory corruption while processing input message passed from FE driver. | |||||
| CVE-2025-2043 | 2025-03-06 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /admin#themes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-20644 | 2 Google, Mediatek | 33 Android, Mt6580, Mt6739 and 30 more | 2025-03-06 | N/A | 4.4 MEDIUM |
| In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. | |||||
| CVE-2023-20643 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. | |||||
| CVE-2023-20642 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. | |||||
| CVE-2023-20641 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. | |||||
| CVE-2023-20640 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. | |||||
| CVE-2023-20639 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. | |||||
| CVE-2023-20638 | 2 Google, Mediatek | 38 Android, Mt6739, Mt6753 and 35 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. | |||||
| CVE-2023-20637 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. | |||||
| CVE-2023-20636 | 2 Google, Mediatek | 5 Android, Mt6895, Mt6985 and 2 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. | |||||
| CVE-2023-20634 | 2 Google, Mediatek | 27 Android, Mt6762, Mt6765 and 24 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697. | |||||
| CVE-2024-53022 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8295p and 43 more | 2025-03-06 | N/A | 7.8 HIGH |
| Memory corruption may occur during communication between primary and guest VM. | |||||
| CVE-2025-0764 | 1 Gvectors | 1 Wpforo Forum | 2025-03-06 | N/A | 6.5 MEDIUM |
| The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server. | |||||