Search
Search Results (338945 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4563 | 1 Kubernetes | 1 Kubernetes | 2025-06-27 | 2.7 Low |
| A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. | ||||
| CVE-2023-47297 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | ||||
| CVE-2023-47031 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | ||||
| CVE-2025-52967 | 1 Lfprojects | 1 Mlflow | 2025-06-27 | 5.8 Medium |
| gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | ||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | ||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | ||||
| CVE-2025-52968 | 1 Freedesktop | 1 Xdg-utils | 2025-06-27 | 2.7 Low |
| xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin. | ||||
| CVE-2023-47295 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | ||||
| CVE-2025-50349 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-06-27 | 7.5 High |
| PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. | ||||
| CVE-2025-2171 | 1 Aviatrix | 1 Controller | 2025-06-27 | N/A |
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN | ||||
| CVE-2025-53166 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53165 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53164 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53163 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53162 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53161 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53160 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53159 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53158 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53157 | 2025-06-27 | N/A | ||
| Not used | ||||