Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365292 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39569 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-27 | 6.6 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. | ||||
| CVE-2024-39568 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | ||||
| CVE-2024-39567 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | ||||
| CVE-2024-32057 | 1 Siemens | 3 Ps\/iges Parasolid Translator, Ps Iges Parasolid Translator Component, Simcenter Femap | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) | ||||
| CVE-2024-32056 | 1 Siemens | 1 Simcenter Femap | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-32055 | 1 Siemens | 3 Ps\/iges Parasolid Translator, Ps Iges Parasolid Translator Component, Simcenter Femap | 2025-08-27 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-26010 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2025-08-27 | 6.7 Medium |
| A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets. | ||||
| CVE-2024-23111 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-08-27 | 6.2 Medium |
| An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. | ||||
| CVE-2024-21754 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-08-27 | 1.7 Low |
| A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file. | ||||
| CVE-2023-4807 | 1 Openssl | 1 Openssl | 2025-08-27 | 7.8 High |
| Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue. | ||||
| CVE-2023-46720 | 1 Fortinet | 1 Fortios | 2025-08-27 | 6.3 Medium |
| A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands. | ||||
| CVE-2023-40704 | 1 Philips | 1 Vue Pacs | 2025-08-27 | 6.8 Medium |
| The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity. | ||||
| CVE-2023-3935 | 3 Phoenixcontact, Trumpf, Wibu | 24 Activation Wizard, E-mobility Charging Suite, Fl Network Manager and 21 more | 2025-08-27 | 9.8 Critical |
| A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. | ||||
| CVE-2023-26136 | 2 Redhat, Salesforce | 8 Acm, Jboss Enterprise Application Platform, Logging and 5 more | 2025-08-27 | 6.5 Medium |
| Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | ||||
| CVE-2023-23379 | 1 Microsoft | 1 Defender For Iot | 2025-08-27 | 7.8 High |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2022-44691 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-08-27 | 7.8 High |
| Microsoft Office OneNote Remote Code Execution Vulnerability | ||||
| CVE-2022-44666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-08-27 | 7.8 High |
| Windows Contacts Remote Code Execution Vulnerability | ||||
| CVE-2022-38044 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-08-27 | 7.8 High |
| Windows CD-ROM File System Driver Remote Code Execution Vulnerability | ||||
| CVE-2022-2513 | 1 Hitachienergy | 6 650connectivitypackage, 670connectivitypackage, Gms600connectivitypackage and 3 more | 2025-08-27 | 7.1 High |
| A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs. | ||||
| CVE-2020-11113 | 5 Debian, Fasterxml, Netapp and 2 more | 41 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 38 more | 2025-08-27 | 8.8 High |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | ||||