Export limit exceeded: 335291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31918 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | ||||
| CVE-2023-31913 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | ||||
| CVE-2024-24427 | 1 Open5gs | 1 Open5gs | 2025-01-24 | 7.5 High |
| A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24428 | 1 Open5gs | 1 Open5gs | 2025-01-24 | 7.5 High |
| A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | ||||
| CVE-2023-31916 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | ||||
| CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2025-01-24 | 6.3 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | ||||
| CVE-2023-31921 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | ||||
| CVE-2023-31920 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | ||||
| CVE-2024-5919 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 6.5 Medium |
| A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface. | ||||
| CVE-2023-37024 | 2025-01-23 | 7.5 High | ||
| A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element. | ||||
| CVE-2024-49535 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-01-23 | 6.3 Medium |
| Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document. | ||||
| CVE-2024-1623 | 1 Sagemcom | 2 F\@st 3686, F\@st 3686 Firmware | 2025-01-23 | 7.7 High |
| Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly. | ||||
| CVE-2023-33005 | 1 Jenkins | 1 Wso2 Oauth | 2025-01-23 | 5.4 Medium |
| Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. | ||||
| CVE-2024-42185 | 2025-01-23 | 2.5 Low | ||
| BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access. | ||||
| CVE-2023-2161 | 1 Schneider-electric | 1 Opc Factory Server | 2025-01-22 | 5 Medium |
| A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | ||||
| CVE-2023-23759 | 1 Facebook | 1 Fizz | 2025-01-21 | 7.5 High |
| There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | ||||
| CVE-2025-0479 | 2025-01-21 | N/A | ||
| This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system. | ||||
| CVE-2024-3486 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. | ||||
| CVE-2024-3969 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload | ||||
| CVE-2022-46300 | 1 Visam | 1 Vbase Automation Base | 2025-01-17 | 5.5 Medium |
| Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | ||||