Total
32155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45003 | 1 Getgophish | 1 Gophish | 2025-02-25 | N/A | 7.5 HIGH |
| Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | |||||
| CVE-2025-0318 | 1 Ultimatemember | 1 Ultimate Member | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table. | |||||
| CVE-2024-43583 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-25 | N/A | 7.8 HIGH |
| Winlogon Elevation of Privilege Vulnerability | |||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | N/A | 7.1 HIGH |
| An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | |||||
| CVE-2024-13641 | 1 Wpswings | 1 Return Refund And Exchange For Woocommerce | 2025-02-25 | N/A | 5.9 MEDIUM |
| The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds. | |||||
| CVE-2024-13794 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-02-25 | N/A | 5.3 MEDIUM |
| The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location. | |||||
| CVE-2024-13821 | 1 Wpbookingcalendar | 1 Booking Calendar | 2025-02-25 | N/A | 5.3 MEDIUM |
| The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved. | |||||
| CVE-2024-2424 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2025-02-25 | N/A | 7.5 HIGH |
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | |||||
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | N/A | 9.8 CRITICAL |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-20962 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210 | |||||
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-25 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | |||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | N/A | 5.7 MEDIUM |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||||
| CVE-2025-21183 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-02-25 | N/A | 7.4 HIGH |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-21182 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-02-25 | N/A | 7.4 HIGH |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-21027 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.5 HIGH |
| In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451 | |||||
| CVE-2023-21026 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548 | |||||
| CVE-2023-21024 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238 | |||||
| CVE-2023-20971 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20861 | 1 Vmware | 1 Spring Framework | 2025-02-25 | N/A | 6.5 MEDIUM |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
| CVE-2023-21040 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A | |||||