Total
33598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49555 | 1 Yasm Project | 1 Yasm | 2025-06-17 | 5.5 Medium |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | ||||
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | 5.3 Medium |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | ||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2025-06-17 | 6.5 Medium |
| Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation. | ||||
| CVE-2023-52032 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-17 | 9.8 Critical |
| TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | ||||
| CVE-2024-20957 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-06-17 | 2.7 Low |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2024-21616 | 1 Juniper | 1 Junos | 2025-06-17 | 7.5 High |
| An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. | ||||
| CVE-2024-23676 | 1 Splunk | 2 Cloud, Splunk | 2025-06-17 | 4.6 Medium |
| In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | ||||
| CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2025-06-17 | 4.4 Medium |
| Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
| CVE-2023-52041 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-06-17 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | ||||
| CVE-2023-51906 | 1 Yonyou | 1 Yonbip | 2025-06-17 | 9.8 Critical |
| An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | ||||
| CVE-2024-23824 | 1 Mailcow | 1 Mailcow\ | 2025-06-17 | 4.7 Medium |
| mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. | ||||
| CVE-2024-29862 | 1 Chirpstack | 4 Gateway-bridge, Gateway Bridge, Mqtt-forwarder and 1 more | 2025-06-17 | 7.5 High |
| The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. | ||||
| CVE-2024-23900 | 2 Jenkins, Redhat | 2 Matrix Project, Ocp Tools | 2025-06-16 | 4.3 Medium |
| Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | ||||
| CVE-2024-23740 | 1 Getkap | 1 Kap | 2025-06-16 | 9.8 Critical |
| An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | ||||
| CVE-2024-22076 | 1 Myq-solution | 1 Print Server | 2025-06-16 | 9.8 Critical |
| MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | ||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2025-06-16 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | ||||
| CVE-2023-35837 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-16 | 9.8 Critical |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. | ||||
| CVE-2023-37522 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2025-06-16 | 5.6 Medium |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. | ||||