Total
297978 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38824 | 2025-06-14 | 9.6 Critical | ||
| Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. | ||||
| CVE-2025-6059 | 2025-06-14 | 4.3 Medium | ||
| The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-50150 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50149 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50148 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50147 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50146 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50145 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50144 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50143 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-50142 | 2025-06-14 | N/A | ||
| Not used | ||||
| CVE-2025-33108 | 1 Ibm | 1 I | 2025-06-14 | 8.5 High |
| IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | ||||
| CVE-2025-6083 | 2025-06-13 | N/A | ||
| In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id. | ||||
| CVE-2025-25215 | 2025-06-13 | 8.8 High | ||
| An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability. | ||||
| CVE-2025-24919 | 2025-06-13 | 8.1 High | ||
| A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability. | ||||
| CVE-2025-24922 | 2025-06-13 | 8.8 High | ||
| A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability. | ||||
| CVE-2025-49598 | 2025-06-13 | N/A | ||
| conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0. | ||||
| CVE-2025-25050 | 2025-06-13 | 8.8 High | ||
| An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability. | ||||
| CVE-2025-24311 | 2025-06-13 | 8.4 High | ||
| An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability. | ||||
| CVE-2025-0129 | 2025-06-13 | N/A | ||
| An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | ||||