Search
Search Results (331596 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30408 | 2025-06-04 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938. | ||||
| CVE-2024-55539 | 2025-06-04 | N/A | ||
| Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938. | ||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2025-06-04 | 7.8 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938. | ||||
| CVE-2025-22777 | 1 Givewp | 1 Givewp | 2025-06-04 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3. | ||||
| CVE-2024-56655 | 1 Linux | 1 Linux Kernel | 2025-06-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding, while transaction mutex is held and the to-be-desroyed rule was not exposed to either dataplane or dumps, as it deactives+frees without the required synchronize_rcu() in-between. nft_rule_expr_deactivate() callbacks will change ->use counters of other chains/sets, see e.g. nft_lookup .deactivate callback, these must be serialized via transaction mutex. Also add a few lockdep asserts to make this more explicit. Calling synchronize_rcu() isn't ideal, but fixing this without is hard and way more intrusive. As-is, we can get: WARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x.. Workqueue: events nf_tables_trans_destroy_work RIP: 0010:nft_set_destroy+0x3fe/0x5c0 Call Trace: <TASK> nf_tables_trans_destroy_work+0x6b7/0xad0 process_one_work+0x64a/0xce0 worker_thread+0x613/0x10d0 In case the synchronize_rcu becomes an issue, we can explore alternatives. One way would be to allocate nft_trans_rule objects + one nft_trans_chain object, deactivate the rules + the chain and then defer the freeing to the nft destroy workqueue. We'd still need to keep the synchronize_rcu path as a fallback to handle -ENOMEM corner cases though. | ||||
| CVE-2025-37782 | 2025-06-04 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-40671 | 2025-06-04 | N/A | ||
| SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint. | ||||
| CVE-2025-37832 | 2025-06-04 | 7.0 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-2454 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2025-06-04 | 7.2 High |
| schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | ||||
| CVE-2025-26396 | 2025-06-04 | 7.8 High | ||
| The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. | ||||
| CVE-2025-49210 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49209 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49208 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49207 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49206 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49205 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49204 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49203 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-49202 | 2025-06-04 | N/A | ||
| Not used | ||||
| CVE-2025-24859 | 1 Apache | 1 Roller | 2025-06-03 | 8.8 High |
| A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised. This issue affects Apache Roller versions up to and including 6.1.4. The vulnerability is fixed in Apache Roller 6.1.5 by implementing centralized session management that properly invalidates all active sessions when passwords are changed or users are disabled. | ||||