Search

Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32887 1 Apple 1 Iphone Os 2025-05-06 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32881 1 Apple 3 Macos, Tvos, Watchos 2025-05-06 5.5 Medium
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system.
CVE-2022-32879 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-06 2.4 Low
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.
CVE-2018-6340 1 Facebook 1 Hhvm 2025-05-06 8.1 High
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
CVE-2018-6336 1 Linuxfoundation 1 Osquery 2025-05-06 7.8 High
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
CVE-2018-6335 1 Facebook 1 Hhvm 2025-05-06 7.5 High
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2018-6332 1 Facebook 1 Hhvm 2025-05-06 5.9 Medium
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2025-05-06 5.4 Medium
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19906 1 Razorcms 1 Razorcms 2025-05-06 5.4 Medium
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
CVE-2018-19905 1 Razorcms 1 Razorcms 2025-05-06 5.4 Medium
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
CVE-2018-18601 1 Guardzilla 2 Gz621w, Gz621w Firmware 2025-05-06 8.1 High
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
CVE-2018-18600 1 Guardzilla 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more 2025-05-06 8.1 High
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
CVE-2024-23530 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23529 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-12683 1 Brijeshk89 1 Smart Maintenance Mode 2025-05-06 3.5 Low
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-2855 1 Eladmin 1 Eladmin 2025-05-06 4.7 Medium
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
CVE-2024-23528 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2022-41787 1 F5 2 Big-ip Domain Name System, Big-ip Local Traffic Manager 2025-05-06 7.5 High
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.
CVE-2023-6929 1 Eurotel 2 Etl3100, Etl3100 Firmware 2025-05-06 7.5 High
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
CVE-2025-28220 1 Tenda 2 W6-s, W6-s Firmware 2025-05-06 7.5 High
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.