Total
11562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30452 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An input validation issue was addressed. | |||||
| CVE-2025-24514 | 2025-11-03 | N/A | 8.8 HIGH | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | |||||
| CVE-2025-24513 | 2025-11-03 | N/A | 4.8 MEDIUM | ||
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. | |||||
| CVE-2025-24255 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 8.4 HIGH |
| A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | |||||
| CVE-2024-39573 | 2 Apache, Netapp | 2 Http Server, Ontap | 2025-11-03 | N/A | 7.5 HIGH |
| Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | |||||
| CVE-2024-38879 | 1 Siemens | 1 Omnivise T3000 Application Server | 2025-11-03 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application. | |||||
| CVE-2024-35296 | 1 Apache | 1 Traffic Server | 2025-11-03 | N/A | 8.2 HIGH |
| Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | |||||
| CVE-2024-22119 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 5.5 MEDIUM |
| The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | |||||
| CVE-2024-21871 | 2025-11-03 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21829 | 2025-11-03 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21781 | 2025-11-03 | N/A | 7.2 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | |||||
| CVE-2024-11234 | 1 Php | 1 Php | 2025-11-03 | N/A | 4.8 MEDIUM |
| In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | |||||
| CVE-2023-34424 | 2025-11-03 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-32727 | 1 Zabbix | 1 Zabbix Server | 2025-11-03 | N/A | 6.8 MEDIUM |
| An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. | |||||
| CVE-2023-32721 | 1 Zabbix | 1 Zabbix | 2025-11-03 | N/A | 7.6 HIGH |
| A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | |||||
| CVE-2023-29457 | 1 Zabbix | 1 Frontend | 2025-11-03 | N/A | 6.3 MEDIUM |
| Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. | |||||
| CVE-2023-29456 | 1 Zabbix | 1 Frontend | 2025-11-03 | N/A | 5.7 MEDIUM |
| URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. | |||||
| CVE-2023-29455 | 1 Zabbix | 1 Frontend | 2025-11-03 | N/A | 5.4 MEDIUM |
| Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. | |||||
| CVE-2023-29454 | 1 Zabbix | 1 Frontend | 2025-11-03 | N/A | 5.4 MEDIUM |
| Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. | |||||
| CVE-2023-27043 | 3 Fedoraproject, Netapp, Python | 4 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2025-11-03 | N/A | 5.3 MEDIUM |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | |||||