Export limit exceeded: 23300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8589 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8588 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2022-40732 | 1 Microsoft | 3 Windows 11, Windows 11 21h2, Windows Server 2022 | 2025-08-26 | 5 Medium |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | ||||
| CVE-2022-40733 | 1 Microsoft | 4 Windows, Windows 11 21h2, Windows Server and 1 more | 2025-08-26 | 5 Medium |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | ||||
| CVE-2024-41138 | 1 Microsoft | 1 Teams | 2025-08-26 | 7.1 High |
| A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2024-42004 | 1 Microsoft | 1 Teams | 2025-08-26 | 7.1 High |
| A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2024-41145 | 1 Microsoft | 1 Teams | 2025-08-26 | 7.1 High |
| A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2025-54364 | 1 Microsoft | 1 Knack | 2025-08-26 | N/A |
| Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI. | ||||
| CVE-2025-5191 | 2 Microsoft, Moxa | 5 Windows, Drp-a100, Drp-c100 and 2 more | 2025-08-25 | N/A |
| An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems. | ||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2025-08-25 | 8.2 High |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | ||||
| CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-08-25 | 3.3 Low |
| Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | ||||
| CVE-2024-41159 | 1 Microsoft | 1 Onenote | 2025-08-25 | 7.1 High |
| A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2024-39804 | 1 Microsoft | 1 Powerpoint | 2025-08-25 | 7.1 High |
| A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | ||||
| CVE-2022-41066 | 1 Microsoft | 5 Dynamics 365 Business Central, Dynamics 365 Business Central 2019, Dynamics 365 Business Central 2021 and 2 more | 2025-08-25 | 4.4 Medium |
| Microsoft Business Central Information Disclosure Vulnerability | ||||
| CVE-2025-1349 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 5.5 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-1348 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. | ||||
| CVE-2025-36049 | 7 Apple, Ibm, Linux and 4 more | 7 Macos, Webmethods Integration, Linux Kernel and 4 more | 2025-08-24 | 8.8 High |
| IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. | ||||
| CVE-2025-36048 | 7 Apple, Ibm, Linux and 4 more | 7 Macos, Webmethods Integration, Linux Kernel and 4 more | 2025-08-24 | 7.2 High |
| IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. | ||||
| CVE-2024-54183 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 5.4 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-54172 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4.3 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||