Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24936 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 9 Critical |
| The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver. | ||||
| CVE-2025-24937 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 9 Critical |
| File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server. | ||||
| CVE-2025-24938 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 8.4 High |
| The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management. | ||||
| CVE-2023-41532 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 8.8 High |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | ||||
| CVE-2023-41529 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 6.1 Medium |
| Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. | ||||
| CVE-2023-41527 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | ||||
| CVE-2023-40992 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 6.5 Medium |
| Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. | ||||
| CVE-2024-37119 | 1 Uncannyowl | 1 Uncanny Automator | 2025-08-11 | 5.3 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0. | ||||
| CVE-2024-37470 | 2 Wofficeio, Xtendify | 2 Woffice Core, Woffice | 2025-08-11 | 8.2 High |
| Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8. | ||||
| CVE-2024-20351 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-11 | 8.6 High |
| A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition. | ||||
| CVE-2023-25613 | 1 Apache | 1 Kerby Ldap Backend | 2025-08-11 | 9.8 Critical |
| An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | ||||
| CVE-2024-20342 | 1 Cisco | 2 Firepower Threat Defense Software, Snort | 2025-08-11 | 5.8 Medium |
| Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device. | ||||
| CVE-2025-2530 | 1 Luxion | 1 Keyshot | 2025-08-11 | N/A |
| Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dae files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23698. | ||||
| CVE-2025-2531 | 1 Luxion | 1 Keyshot | 2025-08-11 | N/A |
| Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dae files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23704. | ||||
| CVE-2023-47470 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 7.8 High |
| Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | ||||
| CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 7.5 High |
| Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | ||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | ||||
| CVE-2023-46407 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 5.5 Medium |
| FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | ||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | ||||
| CVE-2025-8022 | 1 Bun | 1 Bun | 2025-08-11 | N/A |
| Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with the $ function. Each ${…} interpolation is treated as a single argument. The security responsibility for this usage pattern lies with the calling application, which must ensure the sanitization and validation of any untrusted arguments before passing them to the executed commands. Therefore, the potential for command injection is not a flaw within Bun itself; rather, it is an argument injection that is contingent on its implementation by the consuming application. | ||||