Search

Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0784 1 Intelbras 2 Incontrol, Incontrol Web 2025-08-20 3.7 Low
A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-24791 2 Linux, Snowflake 2 Linux Kernel, Snowflake Connector 2025-08-20 4.4 Medium
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.
CVE-2025-54624 1 Huawei 1 Harmonyos 2025-08-20 5.7 Medium
Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54625 1 Huawei 1 Harmonyos 2025-08-20 6.7 Medium
Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54631 1 Huawei 2 Emui, Harmonyos 2025-08-20 6.7 Medium
Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-24789 2 Microsoft, Snowflake 2 Windows, Snowflake Jdbc 2025-08-20 7.8 High
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0.
CVE-2024-32740 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-08-20 9.8 Critical
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.
CVE-2024-32742 1 Siemens 2 Simatic Cn 4100, Simatic Cn 4100 Firmware 2025-08-20 7.6 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.
CVE-2024-34191 1 Htmly 1 Htmly 2025-08-20 6.5 Medium
htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.
CVE-2024-31510 2 Open Quantum Safe, Openquantumsafe 2 Liboqs, Liboqs 2025-08-20 9.8 Critical
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.
CVE-2024-39150 1 B3log 1 Vditor 2025-08-20 5.9 Medium
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
CVE-2024-36405 2 Open Quantum Safe, Openquantumsafe 2 Liboqs, Liboqs 2025-08-20 5.9 Medium
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.
CVE-2024-55567 1 Insyde 1 Insydeh2o 2025-08-20 7.5 High
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
CVE-2025-50404 1 Intelbras 2 Rx 1500, Rx 1500 Firmware 2025-08-20 5.3 Medium
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array.
CVE-2025-50405 1 Intelbras 2 Rx 1500, Rx 1500 Firmware 2025-08-20 6.5 Medium
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.
CVE-2025-7077 2 Shenzhen Libituo Technology, Szlbt 3 Lbt-t300-t310, Lbt-t300-t310, Lbt-t300-t310 Firmware 2025-08-20 8.8 High
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-27907 1 Siemens 1 Simcenter Femap 2025-08-20 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)
CVE-2024-32058 1 Siemens 2 Ps\/iges Parasolid Translator, Simcenter Femap 2025-08-20 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)
CVE-2024-32060 1 Siemens 2 Ps\/iges Parasolid Translator, Simcenter Femap 2025-08-20 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)
CVE-2024-32059 1 Siemens 2 Ps\/iges Parasolid Translator, Simcenter Femap 2025-08-20 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)