25 matches found
CVE-2025-27839
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flaw in the offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible...
CVE-2025-27412
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to reflected cross-site scripting (XSS) on the AddOns page. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...
CVE-2025-27411
CVE-2025-27411 concerns REDAXO, a PHP-based CMS. The vulnerability is in the mediapool/media page prior to version 5.18.3, where insufficient validation allows an arbitrary file upload. Documents consistently state that this could enable uploading and potentially executing malicious files, enabli...
PT-2025-9839 · Redaxo · Redaxo
Name of the Vulnerable Software and Affected Versions: Redaxo versions prior to 5.18.3 Description: The issue concerns arbitrary file upload in the mediapool/media page of the Redaxo CMS. This vulnerability has been fixed in version 5.18.3. Recommendations: For versions prior to 5.18.3, update to...
CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravity_DownloadBlocklistFromUrl() function. Depending on some...
CVE-2024-34361
Pi-hole CVE-2024-34361 affects Core versions before 5.18.3. The vulnerability allows an authenticated user to make internal requests via gravity_DownloadBlocklistFromUrl(), potentially leading to remote code execution (RCE). A patch exists in 5.18.3. Public advisories from Red Hat and OSV describ...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-23614 Improper session handling of "Remember me for 7 days" functionality
Pi-hole®'s Web interface based off of AdminLTE provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an...
GSD-2022-1002824 ath11k: disable spectral scan during spectral deinit
ath11k: disable spectral scan during spectral deinit. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
GSD-2022-1002820 drm/amdkfd: Fix circular lock dependency warning
drm/amdkfd: Fix circular lock dependency warning. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
GSD-2022-1002802 drm/omap: fix NULL but dereferenced coccicheck error
drm/omap: fix NULL but dereferenced coccicheck error. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
GSD-2022-1002768 regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
GSD-2022-1002762 Bluetooth: use hdev lock for accept_list and reject_list in conn req
Bluetooth: use hdev lock for accept_list and reject_list in conn req. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...