CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-5024 - GNOME Remote Desktop RDP Denial of Service Vulnerability

CVE ID : CVE-2025-5024
Published : May 22, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5079 - Campcodes Online Shopping Portal SQL Injection Vulnerability

CVE ID : CVE-2025-5079
Published : May 22, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-5080 - Tenda FH451 Stack-Based Buffer Overflow

CVE ID : CVE-2025-5080
Published : May 22, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE-2025-23182 - Apache HTTP Server SQL Injection

CVE ID : CVE-2025-23182
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : CWE-203: Observable Discrepancy
Severity: 4.3 | MEDIUM
CVE-2025-23183 - Apache HTTP Server Open Redirect Vulnerability

CVE ID : CVE-2025-23183
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Severity: 6.1 | MEDIUM
CVE-2025-2506 - EDB pglogical Replication Connection Verification Bypass

CVE ID : CVE-2025-2506
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5. To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol.
Severity: 5.3 | MEDIUM
CVE-2025-45468 - FC Stable Diffusion Plus Privilege Escalation Vulnerability

CVE ID : CVE-2025-45468
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : Insecure permissions in fc-stable-diffusion-plus v1.0.18 allow attackers to escalate privileges and compromise the customer cloud account.
Severity: 0.0 | NA
CVE-2025-4366 - Pingora Pingora-proxy Request Smuggling Vulnerability

CVE ID : CVE-2025-4366
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching, allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.
Severity: 0.0 | NA
CVE-2025-5081 - Campcodes Cybercafe Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5081
Published : May 22, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
CVE-2024-13952 - ASPECT Predictable Filename Information Disclosure

CVE ID : CVE-2024-13952
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 8.4 | HIGH
CVE-2024-13953 - Raritan ASPECT Device Logger Credential Exposure Vulnerability

CVE ID : CVE-2024-13953
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 4.9 | MEDIUM
CVE-2024-13954 - ASPECT Information Disclosure Vulnerability

CVE ID : CVE-2024-13954
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 6.5 | MEDIUM
CVE-2024-13955 - Aspect SQL Injection Vulnerability

CVE ID : CVE-2024-13955
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 8.8 | HIGH
CVE-2024-13956 - ASPECT SSL Verification Bypass Authentication Bypass

CVE ID : CVE-2024-13956
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 6.7 | MEDIUM
CVE-2024-13957 - ASPECT SSRF Server Side Request Forgery

CVE ID : CVE-2024-13957
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 7.6 | HIGH
CVE-2024-13958 - Aspect Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-13958
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Severity: 4.8 | MEDIUM
CVE-2024-40458 - Ocuco Innovation Elevation of Privilege

CVE ID : CVE-2024-40458
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
Severity: 0.0 | NA
CVE-2024-40459 - Ocuco Innovation APPMANAGER Local Privilege Escalation Vulnerability

CVE ID : CVE-2024-40459
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function.
Severity: 0.0 | NA
CVE-2024-40460 - Ocuco Innovation Privilege Escalation Vulnerability

CVE ID : CVE-2024-40460
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE.
Severity: 0.0 | NA
CVE-2024-40461 - Ocuco Innovation Privilege Escalation Vulnerability

CVE ID : CVE-2024-40461
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component.
Severity: 0.0 | NA
CVE-2024-40462 - Ocuco Innovation Local Privilege Escalation Vulnerability

CVE ID : CVE-2024-40462
Published : May 22, 2025, 7:15 p.m. | 2 hours, 12 minutes ago
Description : An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component.
Severity: 0.0 | NA