Total
291870 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
| In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | |||||
| CVE-2024-52920 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
| Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. | |||||
| CVE-2024-52921 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 5.3 MEDIUM |
| In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | |||||
| CVE-2024-52919 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
| Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. | |||||
| CVE-2025-46236 | 1 Ibericode | 1 Html Forms | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2. | |||||
| CVE-2024-52917 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
| Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | |||||
| CVE-2024-52916 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
| Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | |||||
| CVE-2024-52915 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
| Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | |||||
| CVE-2024-52914 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
| In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | |||||
| CVE-2025-45021 | 2025-04-30 | N/A | 5.3 MEDIUM | ||
| A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands. | |||||
| CVE-2025-45011 | 2025-04-30 | N/A | 5.3 MEDIUM | ||
| A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter. | |||||
| CVE-2025-45010 | 2025-04-30 | N/A | 5.3 MEDIUM | ||
| A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters. | |||||
| CVE-2025-45009 | 2025-04-30 | N/A | 5.3 MEDIUM | ||
| A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter. | |||||
| CVE-2025-32974 | 2025-04-30 | N/A | 9.0 CRITICAL | ||
| XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0. | |||||
| CVE-2025-32973 | 2025-04-30 | N/A | 9.0 CRITICAL | ||
| XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1. | |||||
| CVE-2025-32972 | 2025-04-30 | N/A | 2.7 LOW | ||
| XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1. | |||||
| CVE-2025-32971 | 2025-04-30 | N/A | 3.8 LOW | ||
| XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's scripting API normally requires programming rights to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling `$xcontext.dropPermissions()`. If some code relies on this for the safety of executing Velocity code with the wrong author context, this could allow a user with script rights to either cause a high load by indexing documents or to temporarily remove documents from the search index. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0-rc-1. | |||||
| CVE-2025-32970 | 2025-04-30 | N/A | 6.1 MEDIUM | ||
| XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0. | |||||
| CVE-2025-31203 | 2025-04-30 | N/A | 6.5 MEDIUM | ||
| An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service. | |||||
| CVE-2025-31197 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-30 | N/A | 5.7 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination. | |||||