Export limit exceeded: 340857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1224 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8773 | 2025-03-27 | N/A | ||
| SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch 6.30@a03.9, which make it possible for an administrator to enforce encrypted communication. Versions 6.20 and 6.25 remain unpatched. | ||||
| CVE-2024-1556 | 1 Mozilla | 1 Firefox | 2025-03-27 | 6.5 Medium |
| The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123. | ||||
| CVE-2022-32655 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | ||||
| CVE-2023-23912 | 1 Ui | 20 Er-10x, Er-10x Firmware, Er-12 and 17 more | 2025-03-24 | 8.8 High |
| A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. | ||||
| CVE-2023-30456 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-19 | 6.5 Medium |
| An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | ||||
| CVE-2024-42861 | 1 Linuxptp Project | 1 Linuxptp | 2025-03-18 | 7.5 High |
| An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function | ||||
| CVE-2022-48329 | 1 Misp | 1 Misp | 2025-03-18 | 9.8 Critical |
| MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | ||||
| CVE-2024-31806 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 6.5 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | ||||
| CVE-2024-31809 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.8 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | ||||
| CVE-2024-31812 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 6.5 Medium |
| In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | ||||
| CVE-2025-0116 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-18 | N/A |
| A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode. This issue does not apply to Cloud NGFWs or Prisma Access software. | ||||
| CVE-2025-20637 | 1 Mediatek | 3 Mt7981, Mt7986, Software Development Kit | 2025-03-17 | 7.5 High |
| In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. | ||||
| CVE-2024-43044 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-14 | 8.8 High |
| Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. | ||||
| CVE-2024-25739 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-03-14 | 5.5 Medium |
| create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | ||||
| CVE-2024-9399 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-03-14 | 7.5 High |
| A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-36730 | 1 Oneflow | 1 Oneflow | 2025-03-14 | 7.5 High |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter. | ||||
| CVE-2023-42509 | 1 Jfrog | 1 Artifactory | 2025-03-11 | 6.6 Medium |
| JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data. | ||||
| CVE-2021-4105 | 1 Bg-tek | 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more | 2025-03-11 | 9.8 Critical |
| Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | ||||
| CVE-2022-39380 | 1 Wire | 1 Wire-webapp | 2025-03-10 | 5.3 Medium |
| Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result. | ||||
| CVE-2023-23626 | 1 Protocol | 1 Go-bitfield | 2025-03-10 | 5.9 Medium |
| go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`. | ||||