Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-51045 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-08-07 | N/A | N/A |
| Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter. | |||||
| CVE-2023-42114 | 1 Exim | 1 Exim | 2025-08-07 | N/A | 5.3 MEDIUM |
| Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. . Was ZDI-CAN-17433. | |||||
| CVE-2024-38277 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | N/A |
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | |||||
| CVE-2024-23116 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22296. | |||||
| CVE-2024-38274 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | N/A |
| Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | |||||
| CVE-2024-23115 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateGroups function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22295. | |||||
| CVE-2024-23117 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactServiceCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22297. | |||||
| CVE-2024-23118 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22298. | |||||
| CVE-2024-23119 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22339. | |||||
| CVE-2024-0637 | 1 Centreon | 1 Centreon Web | 2025-08-07 | N/A | N/A |
| Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294. | |||||
| CVE-2024-1930 | 1 Rpm-software-management | 1 Dnf5 | 2025-08-07 | N/A | N/A |
| No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service. | |||||
| CVE-2024-4855 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-08-07 | N/A | 5.5 MEDIUM |
| Use after free issue in editcap could cause denial of service via crafted capture file | |||||
| CVE-2023-37347 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20444. | |||||
| CVE-2023-37348 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20445. | |||||
| CVE-2023-37343 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20440. | |||||
| CVE-2023-37349 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20451. | |||||
| CVE-2023-51569 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22016. | |||||
| CVE-2023-37350 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20452. | |||||
| CVE-2023-37341 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20397. | |||||
| CVE-2023-37342 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-07 | N/A | N/A |
| Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20439. | |||||