Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26781 1 Samsung 39 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 36 more 2025-11-04 7.5 High
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service.
CVE-2025-53701 2 Vilar, Vimicro 3 Vs-ipc1002, Vs-ipc1002, Vs-ipc1002 Firmware 2025-11-04 6.1 Medium
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
CVE-2025-53702 2 Vilar, Vimicro 3 Vs-ipc1002, Vs-ipc1002, Vs-ipc1002 Firmware 2025-11-04 6.5 Medium
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.  The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
CVE-2023-45721 1 Hcltech 1 Domino Leap 2025-11-04 5.3 Medium
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2024-30115 1 Hcltech 1 Domino Leap 2025-11-04 6.3 Medium
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2021-40524 1 Pureftpd 1 Pure-ftpd 2025-11-04 7.5 High
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
CVE-2025-8734 1 Gnu 1 Bison 2025-11-04 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
CVE-2025-8733 1 Gnu 1 Bison 2025-11-04 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
CVE-2025-12200 1 Dnsmasq 1 Dnsmasq 2025-11-03 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
CVE-2025-12199 1 Dnsmasq 1 Dnsmasq 2025-11-03 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
CVE-2025-12198 1 Dnsmasq 1 Dnsmasq 2025-11-03 7.8 High
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
CVE-2024-9401 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2025-11-03 9.8 Critical
Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9394 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2025-11-03 6.1 Medium
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9393 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2025-11-03 7.5 High
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9392 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2025-11-03 9.8 Critical
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2024-9287 2 Python, Redhat 4 Cpython, Python, Enterprise Linux and 1 more 2025-11-03 7.8 High
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9026 2 Php, Redhat 2 Php, Enterprise Linux 2025-11-03 3.3 Low
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.
CVE-2024-8932 3 Netapp, Php, Php Group 3 Ontap, Php, Php 2025-11-03 9.8 Critical
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
CVE-2024-8929 3 Php, Php Group, Redhat 3 Php, Php, Enterprise Linux 2025-11-03 5.8 Medium
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
CVE-2024-8927 2 Php, Redhat 2 Php, Enterprise Linux 2025-11-03 7.5 High
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.