Total
12661 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21871 | 1 Intel | 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more | 2025-11-03 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21829 | 1 Intel | 1 Processors | 2025-11-03 | 7.5 High |
| Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21781 | 2025-11-03 | 7.2 High | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | ||||
| CVE-2024-20926 | 4 Debian, Netapp, Oracle and 1 more | 15 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 12 more | 2025-11-03 | 5.9 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-11234 | 3 Php, Php Group, Redhat | 3 Php, Php, Enterprise Linux | 2025-11-03 | 4.8 Medium |
| In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | ||||
| CVE-2024-10465 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-11-03 | 7.5 High |
| A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-10224 | 4 Debian, Module Scandeps, Redhat and 1 more | 4 Debian Linux, Needrestart, Enterprise Linux and 1 more | 2025-11-03 | 5.3 Medium |
| Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). | ||||
| CVE-2023-52887 | 1 Linux | 1 Linux Kernel | 2025-11-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end of j1939_xtp_rx_rts(). Potentially this could be reproduced with something like: testj1939 -r vcan0:0x80 & while true; do # send first RTS cansend vcan0 18EC8090#1014000303002301; # send second RTS cansend vcan0 18EC8090#1014000303002301; # send abort cansend vcan0 18EC8090#ff00000000002301; done | ||||
| CVE-2023-40267 | 2 Gitpython Project, Redhat | 4 Gitpython, Ansible Automation Platform, Satellite and 1 more | 2025-11-03 | 9.8 Critical |
| GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | ||||
| CVE-2023-34424 | 2025-11-03 | 4.4 Medium | ||
| Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2023-32727 | 1 Zabbix | 1 Zabbix Server | 2025-11-03 | 6.8 Medium |
| An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. | ||||
| CVE-2023-32721 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 7.6 High |
| A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | ||||
| CVE-2023-29457 | 1 Zabbix | 1 Frontend | 2025-11-03 | 6.3 Medium |
| Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. | ||||
| CVE-2023-29456 | 1 Zabbix | 1 Frontend | 2025-11-03 | 5.7 Medium |
| URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. | ||||
| CVE-2023-29455 | 1 Zabbix | 1 Frontend | 2025-11-03 | 5.4 Medium |
| Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. | ||||
| CVE-2023-29454 | 1 Zabbix | 1 Frontend | 2025-11-03 | 5.4 Medium |
| Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. | ||||
| CVE-2023-27043 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2025-11-03 | 5.3 Medium |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | ||||
| CVE-2023-26159 | 2 Follow-redirects, Redhat | 14 Follow Redirects, Acm, Cluster Observability Operator and 11 more | 2025-11-03 | 7.3 High |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | ||||
| CVE-2023-25927 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 6.5 Medium |
| IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. | ||||
| CVE-2023-24329 | 4 Fedoraproject, Netapp, Python and 1 more | 14 Fedora, Active Iq Unified Manager, Management Services For Element Software and 11 more | 2025-11-03 | 7.5 High |
| An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | ||||