Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9688 | 2025-09-02 | 5 Medium | ||
| A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2022-38694 | 2025-09-02 | 7.8 High | ||
| In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38693 | 2025-09-02 | 9.8 Critical | ||
| In FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges. | ||||
| CVE-2023-5568 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2025-09-02 | 5.9 Medium |
| A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. | ||||
| CVE-2022-26083 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2025-09-02 | 7.5 High |
| Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-28952 | 2 Intel, Microsoft | 4 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit and 1 more | 2025-09-02 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-32483 | 1 Intel | 2 Ema Software, Endpoint Management Assistant | 2025-09-02 | 8.2 High |
| Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-29191 | 1 Alexxit | 1 Go2rtc | 2025-09-02 | 6.1 Medium |
| gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue. | ||||
| CVE-2025-4643 | 1 Payloadcms | 1 Payload | 2025-09-02 | N/A |
| Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). This issue has been fixed in version 3.44.0 of Payload. | ||||
| CVE-2025-4644 | 1 Payloadcms | 1 Payload | 2025-09-02 | N/A |
| A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload. | ||||
| CVE-2024-47884 | 2025-09-02 | N/A | ||
| foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. | ||||
| CVE-2024-36245 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-37027 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | 6.1 Medium |
| Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-30266 | 1 Bytecodealliance | 1 Wasmtime | 2025-09-02 | 3.3 Low |
| wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. | ||||
| CVE-2024-39283 | 1 Intel | 2 Tdx Module, Tdx Module Software | 2025-09-02 | 6 Medium |
| Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-29155 | 1 Microchip | 1 Rn4870 | 2025-09-02 | 4.3 Medium |
| On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. | ||||
| CVE-2024-2748 | 1 Github | 1 Enterprise Server | 2025-09-02 | 4.3 Medium |
| A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-47855 | 2 Intel, Netapp | 3 Tdx Module, Trust Domain Extensions Module, Hci Compute Node Bios | 2025-09-02 | 6 Medium |
| Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45745 | 2 Intel, Netapp | 3 Tdx Module, Tdx Module Software, Hci Compute Node Bios | 2025-09-02 | 7.9 High |
| Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21801 | 1 Intel | 1 Tdx Module | 2025-09-02 | 7.1 High |
| Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. | ||||