Export limit exceeded: 14123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45858 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-23 | 9.8 Critical |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. | ||||
| CVE-2021-21345 | 7 Apache, Debian, Fedoraproject and 4 more | 23 Activemq, Jmeter, Debian Linux and 20 more | 2025-05-23 | 5.8 Medium |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | ||||
| CVE-2013-7285 | 4 Apache, Oracle, Redhat and 1 more | 17 Activemq, Endeca Information Discovery Studio, Fuse Esb Enterprise and 14 more | 2025-05-23 | 9.8 Critical |
| Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON. | ||||
| CVE-2020-26217 | 6 Apache, Debian, Netapp and 3 more | 23 Activemq, Debian Linux, Snapmanager and 20 more | 2025-05-23 | 8 High |
| XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | ||||
| CVE-2020-26259 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Struts, Debian Linux, Fedora and 7 more | 2025-05-23 | 6.8 Medium |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. | ||||
| CVE-2022-40151 | 2 Redhat, Xstream | 5 Camel Quarkus, Camel Spring Boot, Jboss Enterprise Bpms Platform and 2 more | 2025-05-23 | 6.5 Medium |
| Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | ||||
| CVE-2022-40152 | 3 Fasterxml, Redhat, Xstream | 9 Woodstox, Camel Quarkus, Camel Spring Boot and 6 more | 2025-05-23 | 6.5 Medium |
| Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | ||||
| CVE-2024-53584 | 1 Openpanel | 1 Openpanel | 2025-05-23 | 9.8 Critical |
| OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. | ||||
| CVE-2022-35096 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | ||||
| CVE-2022-35095 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | ||||
| CVE-2022-35094 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | ||||
| CVE-2022-35093 | 1 Swftools | 1 Swftools | 2025-05-23 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | ||||
| CVE-2025-4788 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.3 High |
| A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4789 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4790 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4791 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-05-23 | 7.3 High |
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-36761 | 1 Gfx-rs | 2 Naga, Wgpu | 2025-05-23 | 9.8 Critical |
| naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. | ||||
| CVE-2022-40864 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-22 | 9.8 Critical |
| Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet | ||||
| CVE-2022-40862 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-22 | 9.8 Critical |
| Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting | ||||
| CVE-2022-40860 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList | ||||