Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6603 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-21 | 7.5 High |
| A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | ||||
| CVE-2023-38533 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 3.3 Low |
| A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | ||||
| CVE-2024-37905 | 1 Goauthentik | 1 Authentik | 2025-08-21 | 8.8 High |
| authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including resetting user passwords and more. This issue has been patched in version(s) 2024.2.4, 2024.4.2 and 2024.6.0. | ||||
| CVE-2025-9087 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 8.8 High |
| A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9088 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 8.8 High |
| A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9089 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 8.8 High |
| A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9090 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9091 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 2.5 Low |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-38371 | 1 Goauthentik | 1 Authentik | 2025-08-21 | 8.6 High |
| authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3. | ||||
| CVE-2023-6247 | 1 Openvpn | 1 Openvpn 3 | 2025-08-21 | 6.5 Medium |
| The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing. | ||||
| CVE-2024-34478 | 1 Btcd Project | 1 Btcd | 2025-08-21 | 7.5 High |
| btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds. | ||||
| CVE-2024-2641 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-08-21 | 5.3 Medium |
| A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57734 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | 4.3 Medium |
| In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files | ||||
| CVE-2024-2642 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-08-21 | 7.3 High |
| A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-23365 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. | ||||
| CVE-2025-57733 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | 5.5 Medium |
| In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content | ||||
| CVE-2025-23364 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 6.2 Medium |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations. | ||||
| CVE-2025-57731 | 1 Jetbrains | 1 Youtrack | 2025-08-21 | 8.7 High |
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content | ||||
| CVE-2024-25015 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Mq and 2 more | 2025-08-21 | 7.5 High |
| IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278. | ||||
| CVE-2025-4660 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-08-21 | 9.8 Critical |
| A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | ||||