Search

Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68657 1 Espressif 2 Esp-usb, Usb Host Hid Driver 2026-01-22 6.4 Medium
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.
CVE-2023-41175 3 Fedoraproject, Libtiff, Redhat 3 Fedora, Libtiff, Enterprise Linux 2026-01-22 6.5 Medium
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2023-40745 4 Fedoraproject, Libtiff, Netapp and 1 more 4 Fedora, Libtiff, Active Iq Unified Manager and 1 more 2026-01-22 6.5 Medium
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2023-6277 3 Fedoraproject, Libtiff, Redhat 3 Fedora, Libtiff, Enterprise Linux 2026-01-22 6.5 Medium
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
CVE-2025-65368 1 Codewithcj 1 Sparkyfitness 2026-01-22 6.1 Medium
SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.
CVE-2025-61937 1 Aveva 1 Process Optimization 2026-01-22 10 Critical
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the  model application server.
CVE-2025-61943 1 Aveva 2 Historian, Process Optimization 2026-01-22 8.4 High
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
CVE-2025-63896 2 Jxl, Jxlindia 3 Jxl Double Din Player, Jxl 9 Inch Car Android Double Din Player, Jxl 9 Inch Car Android Double Din Player Firmware 2026-01-22 7.6 High
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.
CVE-2024-37006 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-37000 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-23157 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
CVE-2024-23156 1 Autodesk 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more 2026-01-22 7.8 High
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
CVE-2024-23148 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-23147 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-12178 1 Autodesk 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more 2026-01-22 7.8 High
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-64691 1 Aveva 1 Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
CVE-2025-64729 1 Aveva 1 Process Optimization 2026-01-22 8.1 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.
CVE-2025-65117 1 Aveva 1 Process Optimization 2026-01-22 7.4 High
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
CVE-2025-65118 1 Aveva 2 Application Server, Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
CVE-2025-64769 1 Aveva 1 Process Optimization 2026-01-22 7.1 High
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.