Total
12840 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20525 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | 6.5 Medium |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | ||||
| CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2025-04-07 | 7.5 High |
| Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | ||||
| CVE-2025-31488 | 2025-04-07 | N/A | ||
| Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3. | ||||
| CVE-2025-3068 | 1 Google | 1 Chrome | 2025-04-07 | 8.8 High |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-3070 | 1 Google | 1 Chrome | 2025-04-07 | 6.5 Medium |
| Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5276 | 1 Fortra | 1 Filecatalyst Workflow | 2025-04-04 | 9.8 Critical |
| A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier. | ||||
| CVE-2024-20484 | 1 Cisco | 1 Enterprise Chat And Email | 2025-04-04 | 7.5 High |
| A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start. | ||||
| CVE-2022-34435 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2025-04-03 | 2.7 Low |
| Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | ||||
| CVE-2022-32490 | 1 Dell | 6 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 5000 and 3 more | 2025-04-03 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34460 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2025-04-03 | 7.5 High |
| Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34393 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2025-04-03 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34436 | 1 Dell | 2 Idrac8, Idrac8 Firmware | 2025-04-03 | 2.7 Low |
| Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | ||||
| CVE-2022-45875 | 1 Apache | 1 Dolphinscheduler | 2025-04-03 | 9.8 Critical |
| Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS. | ||||
| CVE-2019-5598 | 1 Freebsd | 1 Freebsd | 2025-04-03 | N/A |
| In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. | ||||
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | ||||
| CVE-2006-3633 | 1 Ossp | 1 Shiela | 2025-04-03 | N/A |
| OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. | ||||
| CVE-2006-3451 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2003-1402 | 1 Kietu | 1 Kietu | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | ||||
| CVE-2004-1386 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | N/A |
| TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. | ||||
| CVE-2002-1663 | 1 Monkey-project | 1 Monkey | 2025-04-03 | N/A |
| The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. | ||||