Export limit exceeded: 348749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25266 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32645 | 1 Vyperlang | 1 Vyper | 2025-01-02 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. | ||||
| CVE-2024-32646 | 1 Vyperlang | 1 Vyper | 2025-01-02 | 5.3 Medium |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available. | ||||
| CVE-2023-34878 | 1 Ujcms | 1 Ujcms | 2025-01-02 | 7.5 High |
| An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. | ||||
| CVE-2023-34250 | 1 Discourse | 1 Discourse | 2025-01-02 | 4.8 Medium |
| Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
| CVE-2024-7023 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | 8 High |
| Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2024-13110 | 2025-01-02 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2025-01-01 | 5.3 Medium |
| Microsoft Outlook for Mac Spoofing Vulnerability | ||||
| CVE-2023-35636 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-01 | 6.5 Medium |
| Microsoft Outlook Information Disclosure Vulnerability | ||||
| CVE-2023-35625 | 1 Microsoft | 2 Azure Machine Learning Sdk, Azure Machine Learning Software Development Kit | 2025-01-01 | 4.7 Medium |
| Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | ||||
| CVE-2023-35391 | 1 Microsoft | 4 .net, Asp.net Core, Visual Studio and 1 more | 2025-01-01 | 6.2 Medium |
| ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2023-36897 | 1 Microsoft | 8 365 Apps, Office, Office Long Term Servicing Channel and 5 more | 2025-01-01 | 8.1 High |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability | ||||
| CVE-2023-36899 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2025-01-01 | 8.8 High |
| ASP.NET Elevation of Privilege Vulnerability | ||||
| CVE-2023-36873 | 1 Microsoft | 13 .net, .net Framework, Windows 10 1607 and 10 more | 2025-01-01 | 7.4 High |
| .NET Framework Spoofing Vulnerability | ||||
| CVE-2023-35303 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 8.8 High |
| USB Audio Class System Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-36872 | 1 Microsoft | 1 Vp9 Video Extensions | 2025-01-01 | 5.5 Medium |
| VP9 Video Extensions Information Disclosure Vulnerability | ||||
| CVE-2023-35367 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35366 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35365 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35336 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-01-01 | 6.5 Medium |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
| CVE-2023-32037 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-01-01 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | ||||