Search Results (339080 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54952 | 1 Mikrotik | 1 Routeros | 2025-06-30 | 7.5 High |
| In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable. | ||||
| CVE-2024-56915 | 1 Netbox | 1 Netbox | 2025-06-30 | 6.5 Medium |
| Netbox Community v4.1.7 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. The issue is fixed in v.4.2.2. | ||||
| CVE-2024-28056 | 2 Amazon, Aws | 2 Amplify Cli, Amplify Cli | 2025-06-30 | 9.8 Critical |
| Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider. | ||||
| CVE-2024-30256 | 1 Openwebui | 1 Open Webui | 2025-06-30 | 6.4 Medium |
| Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117. | ||||
| CVE-2024-22014 | 2 360totalsecurity, Microsoft | 3 360 Total Security, Antivirus, Windows | 2025-06-30 | 8.8 High |
| An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete. | ||||
| CVE-2024-33671 | 1 Veritas | 1 Backup Exec | 2025-06-30 | 7.7 High |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | ||||
| CVE-2024-33673 | 1 Veritas | 1 Backup Exec | 2025-06-30 | 7.8 High |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | ||||
| CVE-2024-31755 | 2 Cjson Project, Redhat | 3 Cjson, Satellite, Satellite Capsule | 2025-06-30 | 7.6 High |
| cJSON v1.7.17 was discovered to contain a segmentation violation, which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c. | ||||
| CVE-2024-32404 | 1 Inducer | 1 Relate | 2025-06-30 | 6 Medium |
| Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. | ||||
| CVE-2024-25343 | 1 Tenda | 2 N300, N300 Firmware | 2025-06-30 | 9.1 Critical |
| Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. | ||||
| CVE-2024-29218 | 1 Keyence | 6 Kv Replay Viewer, Kv Studio, Vt5-wx12 and 3 more | 2025-06-30 | 8.8 High |
| Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. | ||||
| CVE-2024-30800 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-30 | 5.6 Medium |
| PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. | ||||
| CVE-2024-28099 | 1 Keyence | 1 Vt Studio | 2025-06-30 | 7.8 High |
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2024-27347 | 1 Apache | 1 Hugegraph-hubble | 2025-06-30 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | ||||
| CVE-2024-29217 | 1 Apache | 1 Answer | 2025-06-30 | 4.6 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | ||||
| CVE-2024-32303 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-30 | 8 High |
| Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-28957 | 1 Nxtech | 6 Cente Ipv6, Cente Ipv6 Snmpv2, Cente Ipv6 Snmpv3 and 3 more | 2025-06-30 | 5.3 Medium |
| Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device. | ||||
| CVE-2024-28894 | 1 Nxtech | 3 Cente Ipv6, Cente Ipv6 Snmpv2, Cente Ipv6 Snmpv3 | 2025-06-30 | 5.3 Medium |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. | ||||
| CVE-2024-28231 | 1 Eprosima | 1 Fast Dds | 2025-06-30 | 9.7 Critical |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. | ||||
| CVE-2024-23911 | 1 Nxtech | 3 Cente Ipv6, Cente Ipv6 Snmpv2, Cente Ipv6 Snmpv3 | 2025-06-30 | 7.5 High |
| Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. | ||||