Total
4724 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4252 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | ||||
| CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2025-04-11 | N/A |
| The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | ||||
| CVE-2012-3416 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2025-04-11 | N/A |
| Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. | ||||
| CVE-2013-1858 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. | ||||
| CVE-2012-5519 | 3 Apple, Debian, Redhat | 3 Cups, Debian Linux, Enterprise Linux | 2025-04-11 | N/A |
| CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | ||||
| CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2025-04-11 | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | ||||
| CVE-2022-47037 | 1 Siklu | 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more | 2025-04-10 | 7.5 High |
| Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | ||||
| CVE-2022-47634 | 1 Isode | 1 M-link | 2025-04-10 | 8.1 High |
| M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. | ||||
| CVE-2022-4807 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4809 | 1 Usememos | 1 Memos | 2025-04-10 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4689 | 1 Usememos | 1 Memos | 2025-04-10 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | 9.1 Critical |
| Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | ||||
| CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | 9.8 Critical |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | ||||
| CVE-2022-4810 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4814 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | 5.3 Medium |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | ||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2025-2973 | 1 Code-projects | 1 College Management System | 2025-04-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24486 | 2 Silex, Silextechnology | 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware | 2025-04-10 | 9.1 Critical |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. | ||||
| CVE-2024-24487 | 2 Silex, Silextechnology | 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware | 2025-04-10 | 6.8 Medium |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. | ||||