Total
197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45403 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-04-15 | 6.5 Medium |
| Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-42927 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 8.1 High |
| A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. | ||||
| CVE-2022-31736 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 9.8 Critical |
| A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||||
| CVE-2021-4229 | 1 Ua-parser-js Project | 1 Ua-parser-js | 2025-04-15 | 5 Medium |
| A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2014-3248 | 2 Puppet, Puppetlabs | 6 Facter, Hiera, Marionette Collective and 3 more | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. | ||||
| CVE-2022-24119 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | 9.8 Critical |
| Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. | ||||
| CVE-2011-2504 | 2 Redhat, Xfree86 | 2 Enterprise Linux, X11perf | 2025-04-11 | N/A |
| Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. | ||||
| CVE-2010-2076 | 1 Apache | 1 Cxf | 2025-04-11 | 9.8 Critical |
| Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. | ||||
| CVE-2021-29113 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 4.7 Medium |
| A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | ||||
| CVE-2008-2142 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-09 | N/A |
| Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | ||||
| CVE-2004-0030 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 9.8 Critical |
| PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2004-0285 | 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project | 3 Allmyguests, Allmylinks, Allmyvisitors | 2025-04-03 | 9.8 Critical |
| PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | ||||
| CVE-2025-27668 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012. | ||||
| CVE-2024-4769 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 5.9 Medium |
| When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2025-03-31 | 8.3 High |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | ||||
| CVE-2024-5693 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-03-27 | 6.1 Medium |
| Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-45482 | 2025-03-27 | N/A | ||
| An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands. | ||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | ||||
| CVE-2019-15839 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | N/A |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | ||||
| CVE-2022-41216 | 1 Hybridsoftware | 1 Cloudflow | 2025-03-20 | 8.3 High |
| Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | ||||