Total
12848 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23202 | 2025-02-12 | N/A | ||
| Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-30450 | 1 Redpanda | 1 Redpanda | 2025-02-12 | 4.3 Medium |
| rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | ||||
| CVE-2024-2339 | 1 Dalibo | 2 Anonymizer, Postgresql Anonymizer | 2025-02-12 | 8 High |
| PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3. | ||||
| CVE-2023-22916 | 1 Zyxel | 36 Atp100, Atp100 Firmware, Atp100w and 33 more | 2025-02-12 | 8.1 High |
| The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | ||||
| CVE-2023-21504 | 1 Samsung | 1 Android | 2025-02-12 | 5.6 Medium |
| Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2023-21503 | 1 Samsung | 2 Android, Exynos | 2025-02-12 | 5.6 Medium |
| Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2023-21502 | 1 Samsung | 1 Android | 2025-02-12 | 5.7 Medium |
| Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. | ||||
| CVE-2023-21501 | 1 Samsung | 1 Android | 2025-02-12 | 8.2 High |
| Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2023-21498 | 1 Samsung | 1 Android | 2025-02-12 | 6 Medium |
| Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | ||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2025-02-12 | 5.6 Medium |
| Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2024-0112 | 2025-02-12 | 7.5 High | ||
| NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege. | ||||
| CVE-2022-47188 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-12 | 7.5 High |
| There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | ||||
| CVE-2022-47189 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-12 | 7.5 High |
| Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | ||||
| CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 9.8 Critical |
| AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | ||||
| CVE-2023-28732 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 6.5 Medium |
| Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0. | ||||
| CVE-2023-28733 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 7.2 High |
| AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | ||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 10 Critical |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 4.3 Medium |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | ||||
| CVE-2022-47192 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 8.8 High |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. | ||||
| CVE-2023-26070 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | 9.8 Critical |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | ||||