37007 matches found
CVE-2025-32470 Unauthenticated change of IP address
A remote unauthenticated attacker may be able to change the IP address of the device, and therefore affect the availability of the device...
undertow: buffer leak on incoming websocket PONG message may lead to DoS
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
The vulnerability of the nilfsPutPage() function in the fs/nilfs2/dir.c module of the Linux file system support module allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the nilfsPutPage() function in the fs/nilfs2/dir.c module of the Linux file system support module is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...
Vulnerability of the brd_init() function in the drivers/block/brd.c module (the driver for supporting block devices in the Linux operating system), which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the brd_init() function in the drivers/block/brd.c module (the Linux block device driver) is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...
The vulnerability of the register_intc_controller() function in the drivers/sh/intc/core.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the register_intc_controller() function in the drivers/sh/intc/core.c file of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the del_gendisk() function in the block/blk-sysfs.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the del_gendisk() function in the block/blk-sysfs.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the igen6_register_mci() function in the drivers/edac/igen6_edac.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the igen6_register_mci() function in the drivers/edac/igen6_edac.c module of the Linux kernel is related to reclamation processes. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
PT-2025-18086 · Unknown · Phpgurukul Nipah Virus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Nipah Virus Testing Management System version 1.0 Description: A critical issue has been found in the processing of the file /profile.php. The manipulation of the adminname argument leads to SQL injection. The attack may be initiat...
PT-2025-18054 · Sick Ag · Sick Flx0-Gpnt100 +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote unauthenticated attacker may be able to change the IP address of the device, and therefore affect the availability of the device. Recommendations: At the moment, there is no...
CVE-2025-3973
A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /checkavailability.php. The manipulation of the argument mobnumber leads to SQL injection. It is possible to initiate the attack remotely. The...
SIOS Technology Quick Agent security vulnerability
SIOS Technology Quick Agent is a component of a high availability and disaster recovery solution from SIOS Technology, Inc. that is used to monitor and protect business-critical applications. A security vulnerability exists in SIOS Technology Quick Agent V3 and V2, which stems from an improperly...
CVE-2025-46528
Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS. This issue affects Availability Calendar: from n/a through <= 0.2.4...
CVE-2025-31324
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...
CVE-2025-0639
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
BIT-GITLAB-2025-0639 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-2197
Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability...
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43864
CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).
The vulnerability of the LockProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the LockProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...