Search Results (335853 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27967 | 1 Dsgvo-for-wp | 1 Dsgvo All In One For Wp | 2025-05-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3. | ||||
| CVE-2024-30809 | 1 Axiosys | 1 Bento4 | 2025-05-27 | 7.5 High |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in Ap4Sample.h in AP4_Sample::GetOffset() const, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | ||||
| CVE-2020-25730 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 8.2 High |
| Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the PHP_SELF component in classic/views/download.php. | ||||
| CVE-2024-30808 | 1 Axiosys | 1 Bento4 | 2025-05-27 | 2.7 Low |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | ||||
| CVE-2025-30436 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | 9.1 Critical |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls. | ||||
| CVE-2025-31195 | 1 Apple | 1 Macos | 2025-05-27 | 6.3 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. | ||||
| CVE-2023-31493 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 6.6 Medium |
| RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. | ||||
| CVE-2024-30807 | 2 Axiosys, Bento4 | 2 Bento4, Bento4 | 2025-05-27 | 7.5 High |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | ||||
| CVE-2024-30806 | 1 Axiosys | 1 Bento4 | 2025-05-27 | 6.5 Medium |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. | ||||
| CVE-2024-31621 | 1 Flowiseai | 1 Flowise | 2025-05-27 | 7.6 High |
| An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | ||||
| CVE-2024-23076 | 1 Jfree | 1 Jfreechart | 2025-05-27 | 7.5 High |
| JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-34047 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | 4.3 Medium |
| O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | ||||
| CVE-2024-34048 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | 9.8 Critical |
| O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | ||||
| CVE-2024-34049 | 1 Onosproject | 1 Traffic Steering Xapplication | 2025-05-27 | 7.5 High |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. | ||||
| CVE-2023-4709 | 1 Totvs | 1 Rm | 2025-05-27 | 3.1 Low |
| A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. It is possible to mitigate the problem by applying the configuration setting `<pages validateRequest="true" [...] viewStateEncryptionMode="Always" />`. It is recommended to change the configuration settings. The vendor was initially contacted early about this disclosure but did not respond in any way. In a later statement he explains that "the behavior described [...] is related to specific configurations that are not part of the default application setup. In standard production environments, the relevant feature (VIEWSTATE) is disabled by default, which effectively mitigates the risk of exploitation." | ||||
| CVE-2025-48794 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48793 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48792 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48791 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48790 | | | 2025-05-27 | N/A |
| Not used | ||||