Export limit exceeded: 45935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9369 1 Google 1 Chrome 2025-11-20 8.8 High
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9123 1 Google 1 Chrome 2025-11-20 8.8 High
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4456 1 Redhat 2 Logging, Openshift Logging 2025-11-20 5.7 Medium
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
CVE-2023-5764 2 Fedoraproject, Redhat 9 Extra Packages For Enterprise Linux, Fedora, Ansible and 6 more 2025-11-20 7.1 High
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
CVE-2019-10768 2 Angularjs, Redhat 4 Angularjs, Amq Broker, Jboss Fuse and 1 more 2025-11-20 7.5 High
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CVE-2024-8372 2 Angularjs, Netapp 3 Angular.js, Angularjs, Active Iq Unified Manager 2025-11-20 4.8 Medium
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
CVE-2023-47039 3 Microsoft, Perl, Redhat 3 Windows, Perl, Enterprise Linux 2025-11-20 7.8 High
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
CVE-2023-26117 2 Angularjs, Fedoraproject 2 Angularjs, Fedora 2025-11-20 5.3 Medium
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CVE-2023-26118 2 Angularjs, Fedoraproject 2 Angularjs, Fedora 2025-11-20 5.3 Medium
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CVE-2023-26116 2 Angularjs, Fedoraproject 2 Angularjs, Fedora 2025-11-20 5.3 Medium
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CVE-2022-25844 3 Angularjs, Fedoraproject, Netapp 3 Angularjs, Fedora, Ontap Select Deploy Administration Utility 2025-11-20 5.3 Medium
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
CVE-2023-38560 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2025-11-20 5.5 Medium
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
CVE-2023-3745 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2025-11-20 5.5 Medium
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVE-2023-3428 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2025-11-20 6.2 Medium
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVE-2022-2127 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux and 4 more 2025-11-20 5.9 Medium
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
CVE-2020-27792 3 Artifex, Debian, Redhat 3 Ghostscript, Debian Linux, Enterprise Linux 2025-11-20 7.1 High
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
CVE-2025-13188 2 D-link, Dlink 3 Dir-816l, Dir-816l, Dir-816l Firmware 2025-11-20 9.8 Critical
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13189 2 D-link, Dlink 3 Dir-816l, Dir-816l, Dir-816l Firmware 2025-11-20 8.8 High
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-13190 2 D-link, Dlink 3 Dir-816l, Dir-816l, Dir-816l Firmware 2025-11-20 8.8 High
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-0822 2 Ovirt, Redhat 2 Ovirt-engine, Rhev Manager 2025-11-20 7.5 High
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.