Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7177 | 1 Openinfosecfoundation | 1 Suricata | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | |||||
| CVE-2017-6032 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | |||||
| CVE-2021-26328 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 4.4 MEDIUM |
| Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. | |||||
| CVE-2025-3069 | 1 Google | 1 Chrome | 2025-04-07 | N/A | 8.8 HIGH |
| Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-21267 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 4.4 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-33510 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-01-17 | N/A | 4.3 MEDIUM |
| AnĀ improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. | |||||
| CVE-2024-6772 | 1 Google | 1 Chrome | 2024-12-26 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-2174 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-3845 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-3844 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2024-40650 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27842 | 1 Apple | 1 Macos | 2024-12-09 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-12056 | 2024-12-04 | N/A | N/A | ||
| The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges. | |||||
| CVE-2024-6101 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-5500 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-3838 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 5.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) | |||||
| CVE-2024-23592 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication. | |||||
| CVE-2023-4501 | 1 Microfocus | 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. | |||||
| CVE-2023-40445 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | N/A | 7.5 HIGH |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. | |||||
| CVE-2023-3266 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. | |||||