Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-46858 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more 2025-12-24 7.0 High
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf.
CVE-2023-46308 1 Plotly 1 Plotly.js 2025-12-24 9.8 Critical
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
CVE-2025-68695 2025-12-24 N/A
Not used
CVE-2025-68694 2025-12-24 N/A
Not used
CVE-2025-68693 2025-12-24 N/A
Not used
CVE-2025-68692 2025-12-24 N/A
Not used
CVE-2025-68691 2025-12-24 N/A
Not used
CVE-2025-68690 2025-12-24 N/A
Not used
CVE-2025-68689 2025-12-24 N/A
Not used
CVE-2025-68688 2025-12-24 N/A
Not used
CVE-2025-68687 2025-12-24 N/A
Not used
CVE-2025-47325 1 Qualcomm 89 Csr8811, Csr8811 Firmware, Ipq8070 and 86 more 2025-12-23 6.5 Medium
Information disclosure while processing system calls with invalid parameters.
CVE-2025-47350 1 Qualcomm 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more 2025-12-23 7.8 High
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.
CVE-2025-47372 1 Qualcomm 47 Qam8255p, Qam8255p Firmware, Qam8620p and 44 more 2025-12-23 9 Critical
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.
CVE-2024-23789 2 Sharp, Sharp Corporation 5 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 2 more 2025-12-23 8.8 High
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
CVE-2025-59479 1 Inaba 2 Ib-mct001, Ib-mct001 Firmware 2025-12-23 6.1 Medium
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
CVE-2025-66357 1 Inaba 2 Ib-mct001, Ib-mct001 Firmware 2025-12-23 N/A
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
CVE-2025-61976 1 Inaba 2 Ib-mct001, Ib-mct001 Firmware 2025-12-23 N/A
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
CVE-2025-66173 1 Hikvision 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more 2025-12-23 6.2 Medium
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
CVE-2025-66174 1 Hikvision 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more 2025-12-23 6.5 Medium
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.