Latest CVE Feed
-
7.5
HIGHCVE-2024-9823
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory... Read more
- Published: Oct. 14, 2024
- Modified: Jul. 30, 2025
-
4.4
MEDIUMCVE-2023-20092
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on ... Read more
- Published: Nov. 15, 2024
- Modified: Jul. 30, 2025
-
9.8
CRITICALCVE-2024-7099
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete... Read more
- Published: Oct. 13, 2024
- Modified: Jul. 30, 2025
-
8.6
HIGHCVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the ... Read more
Affected Products : fedora curl active_iq_unified_manager ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os +12 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.5
MEDIUMCVE-2024-2466
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, ther... Read more
Affected Products : curl macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node h300s h410s +2 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.5
MEDIUMCVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If th... Read more
Affected Products : debian_linux curl active_iq_unified_manager ontap_select_deploy_administration_utility h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node +5 more products- Published: Sep. 11, 2024
- Modified: Jul. 30, 2025
-
3.5
LOWCVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s... Read more
Affected Products : fedora curl ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node +5 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.3
MEDIUMCVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi... Read more
Affected Products : curl active_iq_unified_manager ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os h615c_firmware +10 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
3.4
LOWCVE-2025-0167
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 30, 2025
-
4.8
MEDIUMCVE-2025-5025
libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, f... Read more
Affected Products : curl- Published: May. 28, 2025
- Modified: Jul. 30, 2025
-
7.5
HIGHCVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the ... Read more
Affected Products : curl- Published: Jun. 07, 2025
- Modified: Jul. 30, 2025
-
9.8
CRITICALCVE-2025-0665
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more
Affected Products : curl h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node h300s h410s +3 more products- Published: Feb. 05, 2025
- Modified: Jul. 30, 2025
-
6.2
MEDIUMCVE-2025-31181
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
-
6.2
MEDIUMCVE-2025-31180
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
-
6.2
MEDIUMCVE-2025-31179
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
-
6.2
MEDIUMCVE-2025-31178
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
-
6.2
MEDIUMCVE-2025-31176
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
-
7.8
HIGHCVE-2024-9858
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" com... Read more
Affected Products : migrate_to_containers- Published: Oct. 16, 2024
- Modified: Jul. 30, 2025
-
7.2
HIGHCVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.... Read more
Affected Products : goanywhere_managed_file_transfer- Actively Exploited
- EPSS Score: %94.38
- Published: Feb. 06, 2023
- Modified: Jul. 30, 2025
-
3.3
LOWCVE-2023-26083
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Dri... Read more
- Actively Exploited
- EPSS Score: %0.39
- Published: Apr. 06, 2023
- Modified: Jul. 30, 2025