Export limit exceeded: 44155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40579 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | 6.7 Medium |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition. | ||||
| CVE-2025-40577 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | 4.3 Medium |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. | ||||
| CVE-2021-22145 | 2 Elastic, Oracle | 2 Elasticsearch, Communications Cloud Native Core Automated Test Suite | 2025-07-08 | 6.5 Medium |
| A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. | ||||
| CVE-2024-27330 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-07 | N/A |
| PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22286. | ||||
| CVE-2024-27331 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-07 | N/A |
| PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22287. | ||||
| CVE-2024-27332 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-07 | N/A |
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22288. | ||||
| CVE-2024-39003 | 1 Amoyjs | 1 Common | 2025-07-07 | 7.3 High |
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39000 | 2 Adolphdudu, Swiperjs | 2 Ratio-swiper, Swiper | 2025-07-07 | 6.5 Medium |
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38997 | 2 Adolphdudu, Swiperjs | 2 Ratio-swiper, Swiper | 2025-07-07 | 6.5 Medium |
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38994 | 1 Amoyjs | 1 Common | 2025-07-07 | 7.3 High |
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2025-6487 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6486 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28267 | 1 Microsoft | 14 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 11 more | 2025-07-07 | 6.5 Medium |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||
| CVE-2023-29362 | 1 Microsoft | 20 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 17 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2025-2040 | 1 Iocoder | 1 Ruoyi-vue-pro | 2025-07-07 | 6.3 Medium |
| A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26849 | 1 Docusnap | 1 Docusnap | 2025-07-07 | 4.3 Medium |
| There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules. | ||||
| CVE-2025-0900 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368. | ||||
| CVE-2024-52726 | 1 Crmeb | 1 Crmeb | 2025-07-07 | 7.5 High |
| CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information | ||||
| CVE-2024-54170 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | 5.5 Medium |
| IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles. | ||||
| CVE-2025-6658 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26733. | ||||