Export limit exceeded: 347461 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15535 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2025-05-09 | 8.8 High |
| 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | ||||
| CVE-2025-46347 | 1 Yeswiki | 1 Yeswiki | 2025-05-09 | 9.8 Critical |
| YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4. | ||||
| CVE-2024-24921 | 1 Siemens | 1 Simcenter Femap | 2025-05-08 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | ||||
| CVE-2020-9285 | 1 Sonos | 2 One, One Firmware | 2025-05-08 | 6.8 Medium |
| Some versions of Sonos One (1st and 2nd generation) allow partial or full memory access via attacker controlled hardware that can be attached to the Mini-PCI Express slot on the motherboard that hosts the WiFi card on the device. | ||||
| CVE-2024-0771 | 1 Nsasoft | 1 Product Key Explorer | 2025-05-08 | 5.3 Medium |
| A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-46757 | 1 Amd | 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more | 2025-05-07 | 7.8 High |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | ||||
| CVE-2022-27625 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-07 | 10 Critical |
| A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2024-22388 | 1 Hidglobal | 16 Iclass Se Cp1000 Encoder, Iclass Se Cp1000 Encoder Firmware, Iclass Se Processors and 13 more | 2025-05-07 | 5.9 Medium |
| Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | ||||
| CVE-2024-26889 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2025-05-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. | ||||
| CVE-2025-3988 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-25029 | 1 Ibm | 1 Personal Communications | 2025-05-07 | 9 Critical |
| IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. | ||||
| CVE-2025-3148 | 1 Code-projects | 1 Product Management System | 2025-05-07 | 3.3 Low |
| A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-42010 | 1 Apache | 1 Heron | 2025-05-07 | 9.8 Critical |
| Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. | ||||
| CVE-2022-27624 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-07 | 10 Critical |
| A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2022-32926 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | 6.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32940 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32939 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32934 | 1 Apple | 1 Macos | 2025-05-06 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. | ||||
| CVE-2018-18601 | 1 Guardzilla | 2 Gz621w, Gz621w Firmware | 2025-05-06 | 8.1 High |
| The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. | ||||
| CVE-2018-6337 | 1 Facebook | 2 Folly, Hhvm | 2025-05-06 | 7.5 High |
| folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | ||||