4.8

CVSS3.1

CVE-2025-29720 -

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: June 18, 2025, 1:40 p.m.

7.4

CVSS3.1

CVE-2025-32914 - Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.…

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: Nov. 18, 2025, 9:15 a.m.

0.0

CVE-2025-32930 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: April 14, 2025, 3:15 p.m.

5.3

CVSS3.1

CVE-2025-32909 - Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c

A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: Nov. 6, 2025, 11:08 p.m.

6.5

CVSS3.1

CVE-2025-32910 - Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_…

A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: Nov. 6, 2025, 11:08 p.m.

9.1

CVSS3.1

CVE-2025-32931 -

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command.

📅 Published: April 14, 2025, midnight 🔄 Last Modified: April 15, 2025, 6:39 p.m.

8.6

CVSS4.0

CVE-2025-3542 - H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess co…

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injecti…

📅 Published: April 13, 2025, 11:31 p.m. 🔄 Last Modified: April 15, 2025, 6:39 p.m.

8.6

CVSS4.0

CVE-2025-3541 - H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoPr…

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulati…

📅 Published: April 13, 2025, 11 p.m. 🔄 Last Modified: April 15, 2025, 6:39 p.m.

8.6

CVSS4.0

CVE-2025-3540 - H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardPr…

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation l…

📅 Published: April 13, 2025, 10:31 p.m. 🔄 Last Modified: April 15, 2025, 6:39 p.m.

8.1

CVSS3.1

CVE-2025-3445 - mholt/archiver: A Path Traversal "Zip Slip" vulnerability in mholt/archiver

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the archiver.Unarchi…

📅 Published: April 13, 2025, 10:10 p.m. 🔄 Last Modified: June 24, 2025, 9:44 a.m.
Total resulsts: 343942
Page 5374 of 34,395
« previous page » next page
Filters