Export limit exceeded: 351494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4171 | 1 Tenda | 2 W30e, W30e Firmware | 2025-07-15 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-58117 | 1 Huawei | 1 Harmonyos | 2025-07-15 | 4 Medium |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | ||||
| CVE-2025-5228 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-07-15 | 8.8 High |
| A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11169 | 1 Librechat | 1 Librechat | 2025-07-15 | N/A |
| An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6. | ||||
| CVE-2024-46901 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2025-07-15 | 3.1 Low |
| Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. | ||||
| CVE-2025-22471 | 1 Dell | 1 Powerscale Onefs | 2025-07-15 | 6.5 Medium |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2025-29985 | 1 Dell | 1 Common Event Enabler | 2025-07-15 | 6.5 Medium |
| Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2025-7468 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-07-15 | 8.8 High |
| A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5451 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | 4.9 Medium |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. | ||||
| CVE-2025-3618 | 1 Rockwellautomation | 1 Thinmanager | 2025-07-14 | 5.5 Medium |
| A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software. | ||||
| CVE-2025-3286 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | 7.8 High |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | ||||
| CVE-2025-3285 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | 7.8 High |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | ||||
| CVE-2025-3287 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | 7.8 High |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | ||||
| CVE-2025-3288 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | 7.8 High |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | ||||
| CVE-2025-27165 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-07-14 | 5.5 Medium |
| Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-12580 | 1 Librechat | 1 Librechat | 2025-07-14 | 5.3 Medium |
| A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filtered, leading to potential log injection attacks. This can cause distortion of monitoring and investigation information, evade detection from security systems, and create difficulties in maintenance and operation. | ||||
| CVE-2025-53171 | 1 Huawei | 1 Harmonyos | 2025-07-14 | 4 Medium |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | ||||
| CVE-2025-53172 | 1 Huawei | 1 Harmonyos | 2025-07-14 | 4 Medium |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | ||||
| CVE-2025-53173 | 1 Huawei | 1 Harmonyos | 2025-07-14 | 5.3 Medium |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | ||||
| CVE-2025-53174 | 1 Huawei | 1 Harmonyos | 2025-07-14 | 4 Medium |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | ||||