Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6468 | 1 Hashicorp | 1 Vault | 2025-08-13 | N/A | 7.5 HIGH |
| Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12. | |||||
| CVE-2025-43240 | 1 Apple | 2 Macos, Safari | 2025-08-01 | N/A | 6.2 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated. | |||||
| CVE-2025-24188 | 1 Apple | 2 Macos, Safari | 2025-07-31 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-54134 | 1 Psu | 1 Haxcms-nodejs | 2025-07-30 | N/A | 6.5 MEDIUM |
| HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9. | |||||
| CVE-2024-38435 | 1 Unitronics | 1 Visilogic | 2025-07-21 | N/A | 6.5 MEDIUM |
| Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | |||||
| CVE-2024-10781 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2025-07-12 | N/A | 8.1 HIGH |
| The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | |||||
| CVE-2023-45927 | 1 Jedsoft | 1 S-lang | 2025-05-30 | N/A | 9.1 CRITICAL |
| S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). | |||||
| CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. | |||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | N/A | 4.7 MEDIUM |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | |||||
| CVE-2022-41777 | 1 Kujirahand | 1 Nadesiko3 | 2025-04-24 | N/A | 7.5 HIGH |
| Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. | |||||
| CVE-2024-47215 | 1 Snowplow | 1 Snowbridge | 2025-04-23 | N/A | 7.5 HIGH |
| An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput). | |||||
| CVE-2022-34472 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 4.3 MEDIUM |
| If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2025-3084 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
| When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4 | |||||
| CVE-2024-39945 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2025-03-27 | N/A | 4.9 MEDIUM |
| A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2024-50954 | 2025-03-20 | N/A | 7.5 HIGH | ||
| The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off. | |||||
| CVE-2024-25741 | 1 Linux | 1 Linux Kernel | 2025-03-13 | N/A | 5.5 MEDIUM |
| printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | |||||
| CVE-2023-21026 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548 | |||||
| CVE-2023-21036 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A | |||||
| CVE-2024-39514 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-07 | N/A | 6.5 MEDIUM |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | |||||
| CVE-2025-24371 | 2025-02-03 | N/A | N/A | ||
| CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn't check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround. | |||||