Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-47169 1 Intel 1 Media Sdk 2025-08-27 3.3 Low
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-54939 1 Litespeedtech 4 Litespeed Web Adc, Litespeed Web Server, Lsquic and 1 more 2025-08-27 5.3 Medium
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVE-2013-4229 2 Drupal, Monster Menus Project 2 Drupal, Monster Menus 2025-08-27 N/A
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
CVE-2013-4230 2 Drupal, Monster Menus Project 2 Drupal, Monster Menus 2025-08-27 N/A
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
CVE-2013-4504 2 Drupal, Monster Menus Project 2 Drupal, Monster Menus 2025-08-27 N/A
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
CVE-2015-8095 2 Drupal, Monster Menus Project 2 Drupal, Monster Menus 2025-08-27 N/A
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
CVE-2024-29052 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more 2025-08-27 7.8 High
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-28782 1 Ibm 2 Cloud Pak For Security, Qradar Suite 2025-08-27 6.3 Medium
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
CVE-2024-27360 1 Samsung 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more 2025-08-27 6 Medium
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.
CVE-2024-26311 1 Archerirm 1 Archer 2025-08-27 5.7 Medium
Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.
CVE-2024-26302 1 Arubanetworks 1 Clearpass Policy Manager 2025-08-27 4.8 Medium
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
CVE-2024-24938 1 Jetbrains 1 Teamcity 2025-08-27 5.3 Medium
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2025-6981 1 Github 1 Enterprise Server 2025-08-27 4.3 Medium
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3
CVE-2024-6107 1 Canonical 2 Maas, Metal As A Service 2025-08-27 9.6 Critical
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.
CVE-2025-7392 1 Cookies Addons Project 1 Cookies Addons 2025-08-27 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue affects Cookies Addons: from 1.0.0 before 1.2.4.
CVE-2025-7393 1 Mqanneh 1 Mail Login 2025-08-27 9.8 Critical
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.
CVE-2024-52885 1 Checkpoint 5 Check Point, Gaia Os, Mobile Access and 2 more 2025-08-27 5 Medium
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
CVE-2025-2028 1 Checkpoint 3 Check Point, Log Server, Management Log Server 2025-08-27 6.5 Medium
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVE-2025-54878 1 Nasa 1 Cryptolib 2025-08-27 8.6 High
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
CVE-2025-52566 1 Ggml 1 Llama.cpp 2025-08-27 8.6 High
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721.