Search

Search Results (363161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20176 1 Cisco 2 Ios, Ios Xe 2025-07-03 7.7 High
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.  This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.
CVE-2024-29852 1 Veeam 2 Backup Enterprise Manager, Veeam Backup \& Replication 2025-07-03 N/A
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
CVE-2024-29853 1 Veeam 2 Agent, Veeam Agent For Windows 2025-07-03 N/A
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
CVE-2024-23944 2 Apache, Redhat 2 Zookeeper, Amq Streams 2025-07-03 5.3 Medium
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.
CVE-2023-39851 1 Webchess Project 1 Webchess 2025-07-03 9.8 Critical
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation.
CVE-2025-53076 1 Samsung 1 Rlottie 2025-07-03 9.8 Critical
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
CVE-2025-53074 1 Samsung 1 Rlottie 2025-07-03 9.1 Critical
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
CVE-2018-9372 1 Google 1 Android 2025-07-03 7.8 High
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9409 1 Google 1 Android 2025-07-03 7.8 High
In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9375 1 Google 1 Android 2025-07-03 7.8 High
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-27591 1 Facebook 1 Below 2025-07-03 6.8 Medium
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
CVE-2024-25659 2 Infinera, Nokia 2 Tnms, Transcend Network Management System 2025-07-03 7.2 High
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.
CVE-2024-25660 2 Infinera, Nokia 2 Tnms, Transcend Network Management System 2025-07-03 9 Critical
The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.
CVE-2024-33210 1 Flatpress 1 Flatpress 2025-07-03 5.4 Medium
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
CVE-2024-45960 1 Tribalsystems 1 Zenario 2025-07-03 4.8 Medium
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
CVE-2024-45964 1 Tribalsystems 1 Zenario 2025-07-03 4.8 Medium
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
CVE-2023-4322 2 Fedoraproject, Radare 2 Fedora, Radare2 2025-07-03 9.8 Critical
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
CVE-2023-4358 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-07-03 8.8 High
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4104 1 Mozilla 1 Vpn 2025-07-03 5.5 Medium
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
CVE-2023-40072 1 Elecom 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more 2025-07-03 8.8 High
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.