Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4867 | 1 Tenda | 2 A15, A15 Firmware | 2025-06-24 | 6.5 Medium |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4287 | 1 Pytorch | 1 Pytorch | 2025-06-24 | 3.3 Low |
| A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-5324 | 1 Techpowerup | 1 Gpu-z | 2025-06-24 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1925 | 1 Open5gs | 1 Open5gs | 2025-06-23 | 5.3 Medium |
| A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-5031 | 1 Ackites | 1 Killwxapkg | 2025-06-23 | 3.1 Low |
| A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25899 | 1 Tp-link | 2 Tl-wr841nd V11, Tl-wr841nd V11 Firmware | 2025-06-20 | 3.5 Low |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2024-42152 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-06-19 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl. However, a small window is possible where nvmet_sq_destroy starts (as a result of the client giving up and disconnecting) concurrently with the nvme admin connect cmd (which may be in an early stage). But *before* kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq live reference). In this case, sq->ctrl was allocated however after it was captured in a local variable in nvmet_sq_destroy. This prevented the final reference drop on the ctrl. Solve this by re-capturing the sq->ctrl after all inflight request has completed, where for sure sq->ctrl reference is final, and move forward based on that. This issue was observed in an environment with many hosts connecting multiple ctrls simoutanuosly, creating a delay in allocating a ctrl leading up to this race window. | ||||
| CVE-2023-5324 | 1 Eero | 1 Eeroos | 2025-06-18 | 4.3 Medium |
| A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024. | ||||
| CVE-2024-1190 | 1 Globalscape | 1 Cuteftp | 2025-06-17 | 3.3 Low |
| A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1016 | 1 Flexbyte | 1 Solar Ftp Server | 2025-06-17 | 5.3 Medium |
| A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0885 | 1 Spycamlizard | 1 Spycamlizard | 2025-06-17 | 5.3 Medium |
| A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036. | ||||
| CVE-2024-0725 | 2 Microsoft, Prosshd | 2 Windows, Prosshd | 2025-06-17 | 5.3 Medium |
| A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548. | ||||
| CVE-2024-0695 | 1 Easy Chat Server Project | 1 Easy Chat Server | 2025-06-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-4432 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2025-06-17 | 5.3 Medium |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719. | ||||
| CVE-2024-3652 | 2 Libreswan, Redhat | 7 Libreswan, Enterprise Linux, Openshift and 4 more | 2025-06-17 | 6.5 Medium |
| The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. | ||||
| CVE-2024-0418 | 1 Upredsun | 1 File Sharing Wizard | 2025-06-17 | 5.3 Medium |
| A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-1186 | 1 Munsoft | 1 Easy Archive Recovery | 2025-06-10 | 3.3 Low |
| A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-34969 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 5 Debian Linux, Fedora, Dbus and 2 more | 2025-06-09 | 6.5 Medium |
| D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | ||||
| CVE-2025-1373 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 3.3 Low |
| A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-4749 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-06-03 | 7.5 High |
| A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||