Latest CVE Feed
-
4.1
MEDIUMCVE-2018-2773
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attack... Read more
- Published: Apr. 19, 2018
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2024-30146
Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.... Read more
Affected Products :- Published: Apr. 30, 2025
- Modified: May. 02, 2025
- Vuln Type: Authorization
-
4.1
MEDIUMCVE-2025-23185
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access ... Read more
Affected Products :- Published: Mar. 11, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Information Disclosure
-
4.1
MEDIUMCVE-2023-46840
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. ... Read more
Affected Products : xen- Published: Mar. 20, 2024
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2006-6509
Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.... Read more
Affected Products : sitekiosk- Published: Dec. 14, 2006
- Modified: Apr. 09, 2025
-
4.1
MEDIUMCVE-2022-20805
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to ... Read more
- Published: Apr. 21, 2022
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2022-32645
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS074... Read more
- Published: Jan. 03, 2023
- Modified: Apr. 10, 2025
-
4.1
MEDIUMCVE-2023-52870
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.... Read more
Affected Products : linux_kernel- Published: May. 21, 2024
- Modified: Apr. 02, 2025
-
4.1
MEDIUMCVE-2024-37663
Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more
- Published: Jun. 17, 2024
- Modified: Jul. 09, 2025
-
4.1
MEDIUMCVE-2020-25284
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.... Read more
- Published: Sep. 13, 2020
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerabilit... Read more
- Published: Dec. 02, 2020
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2019-2535
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe... Read more
- Published: Jan. 16, 2019
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2016-8017
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.... Read more
Affected Products : virusscan_enterprise- Published: Mar. 14, 2017
- Modified: Apr. 20, 2025
-
4.1
MEDIUMCVE-2010-0306
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of s... Read more
Affected Products : kvm- Published: Feb. 12, 2010
- Modified: Apr. 11, 2025
-
4.1
MEDIUMCVE-2024-12109
The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more
Affected Products : product_labels_for_woocommerce_\(sale_badges\)- Published: Mar. 25, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Injection
-
4.1
MEDIUMCVE-2024-1544
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by d... Read more
Affected Products : wolfssl- Published: Aug. 27, 2024
- Modified: Aug. 28, 2024
-
4.1
MEDIUMCVE-2015-4874
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next... Read more
- Published: Oct. 21, 2015
- Modified: Apr. 12, 2025
-
4.1
MEDIUMCVE-2024-31843
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.... Read more
Affected Products : embrace- Published: May. 23, 2024
- Modified: May. 21, 2025
-
4.1
MEDIUMCVE-2020-4640
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logg... Read more
Affected Products : api_connect- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
4.1
MEDIUMCVE-2024-32028
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoin... Read more
Affected Products :- Published: Apr. 12, 2024
- Modified: Nov. 21, 2024