Total
29686 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8896 | 3 Imagemagick, Oracle, Redhat | 9 Imagemagick, Linux, Enterprise Linux and 6 more | 2025-04-20 | 6.5 Medium |
| Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | ||||
| CVE-2016-7478 | 1 Php | 1 Php | 2025-04-20 | N/A |
| Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | ||||
| CVE-2016-6873 | 1 Facebook | 1 Hhvm | 2025-04-20 | N/A |
| Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2016-9392 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | ||||
| CVE-2017-2415 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." | ||||
| CVE-2016-2337 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | N/A |
| Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | ||||
| CVE-2022-23523 | 1 Linux-loader Project | 1 Linux-loader | 2025-04-18 | 4 Medium |
| In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file. | ||||
| CVE-2022-43516 | 2 Microsoft, Zabbix | 2 Windows Firewall, Zabbix | 2025-04-18 | 6.5 Medium |
| A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | ||||
| CVE-2022-20550 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514 | ||||
| CVE-2022-20515 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 | ||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | 4.9 Medium |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | ||||
| CVE-2023-51661 | 1 Wasmer | 1 Wasmer | 2025-04-17 | 8.4 High |
| Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | ||||
| CVE-2022-3917 | 1 Motorola | 2 Moto E20, Moto E20 Firmware | 2025-04-17 | 4.6 Medium |
| Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. | ||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 6.8 Medium |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | ||||
| CVE-2022-1740 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 4.6 Medium |
| The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. | ||||
| CVE-2021-38417 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | 7.4 High |
| VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. | ||||
| CVE-2021-27497 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 6.5 Medium |
| Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | ||||
| CVE-2021-27493 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 6.1 Medium |
| Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | ||||
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2025-04-17 | 6.8 Medium |
| Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. | ||||
| CVE-2025-2921 | 1 Netis-systems | 2 Netis Wf-2404, Netis Wf-2404 Firmware | 2025-04-17 | 6.4 Medium |
| A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||