Export limit exceeded: 348219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35019 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24848 | 1 Qualcomm | 488 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9206 Lte Modem and 485 more | 2025-08-11 | 8.2 High |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | ||||
| CVE-2023-33104 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | ||||
| CVE-2024-21453 | 1 Qualcomm | 26 C-v2x 9150, C-v2x 9150 Firmware, Qcs410 and 23 more | 2025-08-11 | 7.5 High |
| Transient DOS while decoding message of size that exceeds the available system memory. | ||||
| CVE-2023-28563 | 1 Qualcomm | 460 Aqt1000, Aqt1000 Firmware, Ar8031 and 457 more | 2025-08-11 | 6.1 Medium |
| Information disclosure in IOE Firmware while handling WMI command. | ||||
| CVE-2023-28556 | 1 Qualcomm | 452 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 449 more | 2025-08-11 | 7.1 High |
| Cryptographic issue in HLOS during key management. | ||||
| CVE-2023-28554 | 1 Qualcomm | 296 Aqt1000, Aqt1000 Firmware, Ar9380 and 293 more | 2025-08-11 | 6.1 Medium |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | ||||
| CVE-2023-28569 | 1 Qualcomm | 416 Aqt1000, Aqt1000 Firmware, Ar9380 and 413 more | 2025-08-11 | 6.1 Medium |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. | ||||
| CVE-2023-28566 | 1 Qualcomm | 250 Aqt1000, Aqt1000 Firmware, Csrb31024 and 247 more | 2025-08-11 | 6.1 Medium |
| Information disclosure in WLAN HAL while handling the WMI state info command. | ||||
| CVE-2025-4979 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 4.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | ||||
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-1908 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 7.7 High |
| An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | ||||
| CVE-2024-45663 | 1 Ibm | 1 Db2 | 2025-08-08 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-2469 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | ||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | ||||
| CVE-2025-3777 | 1 Huggingface | 1 Transformers | 2025-08-07 | N/A |
| Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. | ||||
| CVE-2024-2878 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | ||||
| CVE-2024-6356 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | ||||
| CVE-2024-8266 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.4 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | ||||
| CVE-2024-7102 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 9.6 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||