Export limit exceeded: 15479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15479 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52867 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-24 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. | ||||
| CVE-2023-52731 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-23 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix invalid page access after closing deferred I/O devices When a fbdev with deferred I/O is once opened and closed, the dirty pages still remain queued in the pageref list, and eventually later those may be processed in the delayed work. This may lead to a corruption of pages, hitting an Oops. This patch makes sure to cancel the delayed work and clean up the pageref list at closing the device for addressing the bug. A part of the cleanup code is factored out as a new helper function that is called from the common fb_release(). | ||||
| CVE-2025-23397 | 1 Siemens | 2 Teamcenter Visualization, Tecnomatix Plant Simulation | 2025-09-23 | 7.8 High |
| A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-23398 | 1 Siemens | 2 Teamcenter Visualization, Tecnomatix Plant Simulation | 2025-09-23 | 7.8 High |
| A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-23400 | 1 Siemens | 2 Teamcenter Visualization, Tecnomatix Plant Simulation | 2025-09-23 | 7.8 High |
| A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-8001 | 1 Ashlar | 1 Cobalt | 2025-09-22 | N/A |
| Ashlar-Vellum Cobalt CO File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26053. | ||||
| CVE-2025-48007 | 1 Hallowelt | 1 Bluespice | 2025-09-22 | 6.4 Medium |
| Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | ||||
| CVE-2025-46703 | 1 Hallowelt | 1 Bluespice | 2025-09-22 | 6.4 Medium |
| Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | ||||
| CVE-2025-57880 | 1 Hallowelt | 1 Bluespice | 2025-09-22 | 5.4 Medium |
| Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | ||||
| CVE-2024-33258 | 1 Jerryscript | 1 Jerryscript | 2025-09-22 | 7.1 High |
| Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | ||||
| CVE-2025-9523 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-09-20 | 9.8 Critical |
| A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-54628 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 5.3 Medium |
| Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-10432 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-09-20 | 9.8 Critical |
| A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2014-0770 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||
| CVE-2014-0768 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | ||||
| CVE-2014-0767 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||
| CVE-2014-0766 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. | ||||
| CVE-2014-0765 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. | ||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 8.8 High |
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2014-0764 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||