Search Results (24976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8750 1 Microsoft 9 Edge, Internet Explorer, Windows 10 and 6 more 2025-04-20 N/A
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
CVE-2017-8751 1 Microsoft 2 Edge, Windows 10 2025-04-20 N/A
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.
CVE-2017-8752 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 N/A
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
CVE-2017-9511 2 Atlassian, Microsoft 3 Crucible, Fisheye, Windows 2025-04-20 7.5 High
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
CVE-2022-43516 2 Microsoft, Zabbix 2 Windows Firewall, Zabbix 2025-04-18 6.5 Medium
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
CVE-2025-27184 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-18 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27185 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-18 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27186 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-18 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27187 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-18 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-0206 2 Microsoft, Trellix 2 Windows, Anti-malware Engine 2025-04-17 7.1 High
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files
CVE-2022-38659 2 Hcltech, Microsoft 2 Bigfix Platform, Windows 2025-04-17 6 Medium
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
CVE-2022-35751 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2025-04-16 7.8 High
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-21155 4 Apple, Fernhillsoftware, Linux and 1 more 4 Macos, Scada Server, Linux Kernel and 1 more 2025-04-16 7.5 High
A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit.
CVE-2022-22750 3 Apple, Microsoft, Mozilla 3 Macos, Windows, Firefox 2025-04-16 6.5 Medium
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.
CVE-2022-22744 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 8.8 High
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-22753 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 7.1 High
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22746 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 5.9 Medium
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-31739 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-04-16 8.8 High
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-38391 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Control, Linux Kernel and 1 more 2025-04-15 5.1 Medium
IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.
CVE-2025-27204 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2025-04-15 5.5 Medium
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.