Skip to main content
CVE-2024-24428 HIGH POC This Month

A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-24427 HIGH This Month

A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-24424 HIGH This Month

A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-24423 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24422 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24421 CRITICAL POC Act Now

A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Magma
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-24420 HIGH POC This Month

A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-24419 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24418 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24417 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24416 HIGH POC This Month

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Magma
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23196 HIGH This Month

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ambari
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-23195 HIGH This Month

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Ambari
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-51941 HIGH This Month

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Ambari
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-45479 CRITICAL PATCH This Week

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Ranger
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-45478 MEDIUM PATCH Monitor

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Ranger
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2025-21571 HIGH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-21570 MEDIUM This Month

Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Argus Safety
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-21569 MEDIUM This Month

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Hyperion Data Relationship Management
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-21568 MEDIUM Monitor

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Hyperion Data Relationship Management
NVD
CVSS 3.1
4.5
EPSS
0.3%
CVE-2025-21567 MEDIUM Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server MySQL Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-21566 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server MySQL Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21565 HIGH This Month

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21564 HIGH This Month

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-21563 MEDIUM Monitor

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cc Common Application Objects
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-21562 MEDIUM Monitor

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cc Common Application Objects
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-21561 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Purchasing
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-21560 MEDIUM This Month

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-21559 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21558 MEDIUM This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21557 MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21556 CRITICAL This Week

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2025-21555 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21554 MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Communications Order And Service Management
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-21553 MEDIUM Monitor

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Java Oracle Java Virtual Machine
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21552 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-21551 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-21550 MEDIUM This Month

Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Financial Services Behavior Detection Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-21549 HIGH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21548 MEDIUM This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Oracle Denial Of Service Mysql Connector Python
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-21547 CRITICAL This Week

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Denial Of Service Hospitality Opera 5
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2025-21546 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server MySQL
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-21545 HIGH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21544 MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Communications Order And Service Management
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21543 MEDIUM PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Cluster Mysql Server MySQL +2
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-21542 MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Communications Order And Service Management
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-21541 MEDIUM This Month

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Workflow
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21540 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-21539 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Fin Esettlements
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21538 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.1%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy