Total
12561 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50694 | 1 Dom96 | 1 Httpbeast | 2025-06-17 | 9.8 Critical |
| An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | ||||
| CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | 9.8 Critical |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | ||||
| CVE-2023-28743 | 1 Intel | 8 Nuc 9 Pro Compute Element Nuc9v7qnb, Nuc 9 Pro Compute Element Nuc9v7qnb Firmware, Nuc 9 Pro Compute Element Nuc9v7qnx and 5 more | 2025-06-17 | 7.5 High |
| Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23676 | 1 Splunk | 2 Cloud, Splunk | 2025-06-17 | 4.6 Medium |
| In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | ||||
| CVE-2025-4905 | 1 Washington | 1 Basestation | 2025-06-12 | 5.3 Medium |
| A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | ||||
| CVE-2025-3116 | 2025-06-12 | 6.5 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. | ||||
| CVE-2025-4680 | 2025-06-12 | N/A | ||
| Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0. | ||||
| CVE-2025-0037 | 2025-06-12 | 6.6 Medium | ||
| In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. | ||||
| CVE-2025-3898 | 2025-06-12 | 6.5 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. | ||||
| CVE-2025-0052 | 2025-06-12 | N/A | ||
| Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. | ||||
| CVE-2024-1244 | 2025-06-12 | N/A | ||
| Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | ||||
| CVE-2024-1243 | 2025-06-12 | N/A | ||
| Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | ||||
| CVE-2023-39456 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2025-06-12 | 7.5 High |
| Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | ||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-06-12 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | ||||
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2025-06-12 | 7.6 High |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | ||||
| CVE-2023-5964 | 1 1e | 1 Platform | 2025-06-12 | 9.9 Critical |
| The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above. | ||||
| CVE-2025-47888 | 1 Jenkins | 1 Dingtalk | 2025-06-12 | 5.9 Medium |
| Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. | ||||
| CVE-2023-27519 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2025-06-11 | 6.9 Medium |
| Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-48310 | 2 Nc3, Nc3 Lu | 2 Testing Platform, Testing Platform | 2025-06-11 | 9.1 Critical |
| TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue. | ||||
| CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | 9.8 Critical |
| pretix before 2024.1.1 mishandles file validation. | ||||