Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23807 | 1 Apache | 2 Xerces-c, Xerces-c\+\+ | 2026-01-22 | 8.1 High |
| The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4. | ||||
| CVE-2023-1393 | 3 Fedoraproject, Redhat, X.org | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2026-01-22 | 7.8 High |
| A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | ||||
| CVE-2025-32990 | 2 Gnu, Redhat | 9 Gnutls, Ceph Storage, Discovery and 6 more | 2026-01-22 | 6.5 Medium |
| A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | ||||
| CVE-2025-8114 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-01-22 | 4.7 Medium |
| A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | ||||
| CVE-2025-6395 | 1 Redhat | 7 Ceph Storage, Discovery, Enterprise Linux and 4 more | 2026-01-22 | 6.5 Medium |
| A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). | ||||
| CVE-2023-47038 | 3 Fedoraproject, Perl, Redhat | 5 Fedora, Perl, Enterprise Linux and 2 more | 2026-01-22 | 7 High |
| A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | ||||
| CVE-2025-0306 | 1 Redhat | 2 Enterprise Linux, Storage | 2026-01-21 | 7.4 High |
| A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | ||||
| CVE-2024-28835 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-01-21 | 5 Medium |
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | ||||
| CVE-2025-12548 | 1 Redhat | 1 Openshift Devspaces | 2026-01-21 | 9 Critical |
| A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333. | ||||
| CVE-2025-66686 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-01-21 | 6.1 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions. | ||||
| CVE-2025-66838 | 1 Softwareag | 1 Aris | 2026-01-21 | 6.5 Medium |
| In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance | ||||
| CVE-2025-66837 | 1 Softwareag | 1 Aris | 2026-01-21 | 6.8 Medium |
| A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware | ||||
| CVE-2025-46070 | 1 Automai | 1 Botmanager | 2026-01-21 | 9.8 Critical |
| An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component | ||||
| CVE-2025-46068 | 1 Automai | 1 Director | 2026-01-21 | 8.8 High |
| An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism | ||||
| CVE-2025-46067 | 1 Automai | 1 Director | 2026-01-21 | 8.2 High |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file | ||||
| CVE-2025-46066 | 1 Automai | 1 Director | 2026-01-21 | 9.9 Critical |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges | ||||
| CVE-2024-51539 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | 2.3 Low |
| The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. | ||||
| CVE-2025-31964 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-21 | 2.2 Low |
| Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface. | ||||
| CVE-2024-31771 | 1 Totalav | 1 Totalav | 2026-01-21 | 7.8 High |
| Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file | ||||
| CVE-2021-47815 | 2 Nsasoft, Nsauditor | 2 Nsauditor, Nsauditor | 2026-01-21 | 7.5 High |
| Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash. | ||||