Total
291802 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27102 | 1 Accellion | 1 Fta | 2025-04-30 | 7.8 High |
| Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | ||||
| CVE-2025-42599 | 1 Qualitia | 1 Active\! Mail | 2025-04-30 | 9.8 Critical |
| Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. | ||||
| CVE-2021-27104 | 1 Accellion | 1 Fta | 2025-04-30 | 9.8 Critical |
| Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | ||||
| CVE-2025-31324 | 2025-04-30 | 10 Critical | ||
| SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. | ||||
| CVE-2021-27103 | 1 Accellion | 1 Fta | 2025-04-30 | 9.8 Critical |
| Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | ||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-04-30 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2021-27101 | 1 Accellion | 1 Fta | 2025-04-30 | 9.8 Critical |
| Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later. | ||||
| CVE-2025-46782 | 2025-04-30 | N/A | ||
| Not used | ||||
| CVE-2025-46781 | 2025-04-30 | N/A | ||
| Not used | ||||
| CVE-2025-46780 | 2025-04-30 | N/A | ||
| Not used | ||||
| CVE-2025-46779 | 2025-04-30 | N/A | ||
| Not used | ||||
| CVE-2025-46778 | 2025-04-30 | N/A | ||
| Not used | ||||
| CVE-2025-3910 | 1 Redhat | 1 Build Keycloak | 2025-04-30 | 5.4 Medium |
| A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. | ||||
| CVE-2025-3501 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2025-04-30 | 8.2 High |
| A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. | ||||
| CVE-2025-2559 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2025-04-30 | 4.9 Medium |
| A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. | ||||
| CVE-2025-46560 | 2025-04-30 | 6.5 Medium | ||
| vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens (e.g., <|audio_|>, <|image_|>) with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the algorithm exhibits quadratic time complexity (O(n²)), allowing malicious actors to trigger resource exhaustion via specially crafted inputs. This issue has been patched in version 0.8.5. | ||||
| CVE-2025-32444 | 2025-04-30 | 10 Critical | ||
| vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5. | ||||
| CVE-2025-30202 | 2025-04-30 | 7.5 High | ||
| vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts. Any client with network access to this host can connect to this XPUB socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker. By potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher. This issue has been patched in version 0.8.5. | ||||
| CVE-2024-0056 | 2 Microsoft, Redhat | 21 .net, .net Framework, Microsoft.data.sqlclient and 18 more | 2025-04-30 | 8.7 High |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
| CVE-2024-21319 | 2 Microsoft, Redhat | 5 .net, Identity Model, Visual Studio 2022 and 2 more | 2025-04-30 | 6.8 Medium |
| Microsoft Identity Denial of service vulnerability | ||||