Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52937 | 2025-06-23 | N/A | ||
| Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE). | ||||
| CVE-2024-27438 | 1 Apache | 1 Doris | 2025-06-17 | 9.8 Critical |
| Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. | ||||
| CVE-2024-33118 | 1 Luckyframe | 1 Luckyframeweb | 2025-06-10 | 7.5 High |
| LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | ||||
| CVE-2023-46143 | 1 Phoenixcontact | 31 Automationworx Software Suite, Axc 1050, Axc 1050 Firmware and 28 more | 2025-05-22 | 7.5 High |
| Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. | ||||
| CVE-2025-4648 | 2025-05-13 | 8.4 High | ||
| Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. | ||||
| CVE-2023-47353 | 1 Imoulife | 1 Imou Go | 2025-05-08 | 8.8 High |
| An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files. | ||||
| CVE-2024-45023 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrecovered data can be read: raid1_read_request read_balance raid1_should_read_first -> return false choose_best_rdev -> normal disk is not recovered, return -1 choose_bb_rdev -> missing the checking of recovery, return the normal disk -> read unrecovered data Root cause is that the checking of recovery is missing in choose_bb_rdev(). Hence add such checking to fix the problem. Also fix similar problem in choose_slow_rdev(). | ||||
| CVE-2022-37908 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 5.8 Medium |
| An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. | ||||
| CVE-2024-30205 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Org Mode and 1 more | 2025-05-01 | 7.1 High |
| In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | ||||
| CVE-2022-40799 | 1 Dlink | 2 Dnr-322l, Dnr-322l Firmware | 2025-04-25 | 8.8 High |
| Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | ||||
| CVE-2022-45442 | 3 Debian, Redhat, Sinatrarb | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2025-04-22 | 8.8 High |
| Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | ||||
| CVE-2025-28236 | 2025-04-22 | 9.8 Critical | ||
| Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package to the /#/software/upgrades endpoint. | ||||
| CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2025-04-20 | N/A |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | ||||
| CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | N/A |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. | ||||
| CVE-2017-12740 | 1 Siemens | 1 Logo\! Soft Comfort | 2025-04-20 | N/A |
| Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | ||||
| CVE-2017-2739 | 1 Huawei | 1 Vmall | 2025-04-20 | N/A |
| The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | ||||
| CVE-2017-12306 | 1 Cisco | 1 Conference Director | 2025-04-20 | N/A |
| A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | ||||
| CVE-2022-46423 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2025-04-17 | 8.1 High |
| An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier. | ||||
| CVE-2022-46428 | 1 Tp-link | 2 Tl-wr1043nd V1, Tl-wr1043nd V1 Firmware | 2025-04-16 | 4.8 Medium |
| TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | ||||
| CVE-2022-46430 | 1 Tp-link | 8 Tl-wr740n V1, Tl-wr740n V1 Firmware, Tl-wr740n V2 and 5 more | 2025-04-16 | 4.8 Medium |
| TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | ||||