7.5
CVE-2024-47252 - Apache HTTP Server: mod_ssl error log variable escaping
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variab…
7.5
CVE-2024-43204 - Apache HTTP Server: SSRF with mod_headers setting Content-Type header
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP reques…
7.5
CVE-2024-42516 - Apache HTTP Server: HTTP response splitting
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Se…
6.5
CVE-2025-49464 - Zoom Clients for Windows - Classic Buffer Overflow
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.
6.9
CVE-2025-7409 - code-projects Mobile Shop LoginAsAdmin.php sql injection
A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the…
6.5
CVE-2025-49463 - Zoom Clients for iOS - Insufficient Control Flow Management
Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.
3.5
CVE-2025-49462 - Zoom Clients - Cross-site Scripting
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.
6.5
CVE-2025-46789 - Zoom Clients for Windows - Classic Buffer Overflow
Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.
7.4
CVE-2025-46788 - Zoom Workplace for Linux - Improper Certificate Validation
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.
5.3
CVE-2025-53364 - Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema…