Search CVE reports
1 – 10 of 22507 results
CVE-2025-24368
Medium priority
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function...
1 affected package
cacti
Package | 24.04 LTS |
---|---|
cacti | Needs evaluation |
CVE-2025-24367
Medium priority
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading...
1 affected package
cacti
Package | 24.04 LTS |
---|---|
cacti | Needs evaluation |
CVE-2025-24356
Medium priority
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address...
1 affected package
fastd
Package | 24.04 LTS |
---|---|
fastd | Needs evaluation |
CVE-2025-22865
Medium priority
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.
15 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS |
---|---|
golang | Not in release |
golang-1.10 | Not in release |
golang-1.13 | Not in release |
golang-1.14 | Not in release |
golang-1.16 | Not in release |
golang-1.17 | Not in release |
golang-1.18 | Not in release |
golang-1.20 | Not in release |
golang-1.21 | Needs evaluation |
golang-1.22 | Needs evaluation |
golang-1.23 | Needs evaluation |
golang-1.24 | Not in release |
golang-1.6 | Not in release |
golang-1.8 | Not in release |
golang-1.9 | Not in release |
CVE-2025-22604
Medium priority
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io()...
1 affected package
cacti
Package | 24.04 LTS |
---|---|
cacti | Needs evaluation |
CVE-2025-0750
Medium priority
Not in release
A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths,...
1 affected package
cri-o
Package | 24.04 LTS |
---|---|
cri-o | Not in release |
CVE-2025-0290
Medium priority
Not in release
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could...
1 affected package
gitlab
Package | 24.04 LTS |
---|---|
gitlab | Not in release |
CVE-2024-55228
Medium priority
Not in release
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
1 affected package
dolibarr
Package | 24.04 LTS |
---|---|
dolibarr | Not in release |
CVE-2024-55227
Medium priority
Not in release
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
1 affected package
dolibarr
Package | 24.04 LTS |
---|---|
dolibarr | Not in release |
CVE-2024-54146
Medium priority
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.
1 affected package
cacti
Package | 24.04 LTS |
---|---|
cacti | Needs evaluation |