Export limit exceeded: 21614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10841 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28287 | 1 Mozilla | 1 Firefox | 2025-04-16 | 6.5 Medium |
| In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | ||||
| CVE-2023-38994 | 1 Univention | 1 Univention Corporate Server | 2025-04-15 | 7.9 High |
| The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users. | ||||
| CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2025-04-15 | 6.1 Medium |
| Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | ||||
| CVE-2022-29912 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 6.1 Medium |
| Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||||
| CVE-2022-34478 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | 6.5 Medium |
| The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | ||||
| CVE-2020-6099 | 1 Graphisoft | 1 Bimx Desktop Viewer | 2025-04-15 | 7.8 High |
| An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-29886 | 1 Estsoft | 1 Alyac | 2025-04-15 | 7.8 High |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-32543 | 1 Estsoft | 1 Alyac | 2025-04-15 | 7.8 High |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-28710 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-32761 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2025-04-15 | 6.1 Medium |
| When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | ||||
| CVE-2022-36314 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | 5.5 Medium |
| When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. | ||||
| CVE-2024-34486 | 1 Facuet | 1 Ryu | 2025-04-15 | 7.5 High |
| OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. | ||||
| CVE-2022-38474 | 1 Mozilla | 1 Firefox | 2025-04-15 | 4.3 Medium |
| A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. | ||||
| CVE-2024-33768 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 9.8 Critical |
| lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | ||||
| CVE-2024-57720 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. | ||||
| CVE-2024-57721 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. | ||||
| CVE-2024-57723 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. | ||||
| CVE-2024-55456 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell | ||||
| CVE-2024-33668 | 1 Zammad | 1 Zammad | 2025-04-15 | 9.1 Critical |
| An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. | ||||