Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-20812 1 Samsung 1 Android 2025-05-15 8.4 High
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
CVE-2024-20007 2 Google, Mediatek 34 Android, Mt6580, Mt6739 and 31 more 2025-05-15 7.5 High
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
CVE-2024-20001 2 Google, Mediatek 59 Android, Mt5583, Mt5586 and 56 more 2025-05-15 6.7 Medium
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.
CVE-2024-1284 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-15 9.8 Critical
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5643 1 Arm 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver 2025-05-15 7.8 High
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system’s memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.
CVE-2023-50292 1 Apache 1 Solr 2025-05-15 7.5 High
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.
CVE-2023-50291 1 Apache 1 Solr 2025-05-15 7.5 High
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue:   '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'
CVE-2023-50026 1 Prestamonster 1 Multi Accessories Pro 2025-05-15 9.8 Critical
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().
CVE-2023-47354 1 Binhdrm26 1 Super Reboot 2025-05-15 7.8 High
An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent
CVE-2023-42282 2 Fedorindutny, Redhat 6 Ip, Migration Toolkit Virtualization, Network Observ Optr and 3 more 2025-05-15 9.8 Critical
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVE-2023-40266 1 Mitel 1 Unify Openscape Xpressions Webassistant 2025-05-15 9.8 Critical
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
CVE-2023-40265 1 Mitel 1 Unify Openscape Xpressions Webassistant 2025-05-15 8.8 High
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
CVE-2023-39683 1 Zalify 1 Easy Email 2025-05-15 6.1 Medium
Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.
CVE-2023-38995 1 Schuhfried 1 Schuhfried 2025-05-15 9.8 Critical
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
CVE-2022-38670 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-15 7.8 High
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
CVE-2022-35040 1 Otfcc Project 1 Otfcc 2025-05-15 6.5 Medium
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.
CVE-2025-3139 1 Fabian 1 Bus Reservation System 2025-05-15 5.3 Medium
A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-3172 1 Yugesh Verma 1 Online Lawyer Management System 2025-05-15 7.3 High
A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The manipulation of the argument unblock_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3175 1 Yugesh Verma 1 Online Lawyer Management System 2025-05-15 7.3 High
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /save_user_edit_profile.php. The manipulation of the argument first_Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3176 1 Yugesh Verma 1 Online Lawyer Management System 2025-05-15 7.3 High
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The manipulation of the argument u_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.