Export limit exceeded: 338100 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338100 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6119 | 1 Assimp | 1 Assimp | 2025-06-17 | 5.3 Medium |
| A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | ||||
| CVE-2025-47869 | 1 Apache | 1 Nuttx | 2025-06-17 | 9.8 Critical |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0. | ||||
| CVE-2025-6120 | 1 Assimp | 1 Assimp | 2025-06-17 | 5.3 Medium |
| A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | ||||
| CVE-2025-6121 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-17 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-35432 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 6.1 Medium |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting. | ||||
| CVE-2024-21122 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Shared Components | 2025-06-17 | 5.4 Medium |
| Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-35431 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 7.5 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1. | ||||
| CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 8.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. | ||||
| CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-06-17 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | ||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | 9.8 Critical |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | ||||
| CVE-2024-5475 | 2 Lepileppanen, Wordpress Plugin | 2 Responsive Video Embed, Responsive Video Embed | 2025-06-17 | 5.4 Medium |
| The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-4749 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-06-17 | 8.3 High |
| The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2025-5648 | 1 Radare | 1 Radare2 | 2025-06-17 | 2.5 Low |
| A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. | ||||
| CVE-2024-1076 | 1 Sslzen | 1 Ssl Zen | 2025-06-17 | 6.5 Medium |
| The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. | ||||
| CVE-2024-28294 | 1 Limbas | 1 Limbas | 2025-06-17 | 6.5 Medium |
| Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter. | ||||
| CVE-2024-0868 | 1 Dev4press | 1 Coreactivity | 2025-06-17 | 5.3 Medium |
| The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value | ||||
| CVE-2023-4826 | 1 Socialdriver | 1 Socialdriver | 2025-06-17 | 6.1 Medium |
| The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack. | ||||
| CVE-2025-27956 | 1 Pixeon | 1 Weblaudos | 2025-06-17 | 7.5 High |
| Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | ||||
| CVE-2024-50599 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-17 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response. | ||||
| CVE-2025-5431 | 1 Assamlook | 1 Assamlook Cms | 2025-06-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||