Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47470 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 7.8 High |
| Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | ||||
| CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 7.5 High |
| Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | ||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | ||||
| CVE-2023-46407 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 5.5 Medium |
| FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | ||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | ||||
| CVE-2025-8022 | 1 Bun | 1 Bun | 2025-08-11 | N/A |
| Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with the $ function. Each ${…} interpolation is treated as a single argument. The security responsibility for this usage pattern lies with the calling application, which must ensure the sanitization and validation of any untrusted arguments before passing them to the executed commands. Therefore, the potential for command injection is not a flaw within Bun itself; rather, it is an argument injection that is contingent on its implementation by the consuming application. | ||||
| CVE-2025-8771 | 2025-08-09 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: This affects a legitimate feature. The cause of the issue is an insecure database configuration established by the user. | ||||
| CVE-2024-37071 | 1 Ibm | 1 Db2 | 2025-08-09 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | ||||
| CVE-2023-50956 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-09 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | ||||
| CVE-2023-42123 | 2 Control-webpanel, Control Web Panel | 2 Webpanel, Control Web Panel | 2025-08-09 | N/A |
| Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the mysql_manager module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21080. | ||||
| CVE-2023-42122 | 2 Control-webpanel, Control Web Panel | 2 Webpanel, Control Web Panel | 2025-08-09 | N/A |
| Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cwpsrv process, which listens on the loopback interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21079. | ||||
| CVE-2023-42121 | 2 Control-webpanel, Control Web Panel | 2 Webpanel, Control Web Panel | 2025-08-09 | N/A |
| Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the web interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of a valid CWP user. Was ZDI-CAN-20582. | ||||
| CVE-2023-42120 | 2 Control-webpanel, Control Web Panel | 2 Webpanel, Control Web Panel | 2025-08-09 | N/A |
| Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the dns_zone_editor module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20581. | ||||
| CVE-2025-52914 | 1 Mitel | 1 Micollab | 2025-08-08 | 8.8 High |
| A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands. | ||||
| CVE-2025-26525 | 1 Moodle | 1 Moodle | 2025-08-08 | 8.6 High |
| Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). | ||||
| CVE-2025-26526 | 1 Moodle | 1 Moodle | 2025-08-08 | 6.5 Medium |
| Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities. | ||||
| CVE-2025-26527 | 1 Moodle | 1 Moodle | 2025-08-08 | 5.3 Medium |
| Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. | ||||
| CVE-2025-26528 | 1 Moodle | 1 Moodle | 2025-08-08 | 3.4 Low |
| The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2025-26529 | 1 Moodle | 1 Moodle | 2025-08-08 | 8.3 High |
| Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2025-0719 | 1 Ibm | 1 Cloud Pak For Data | 2025-08-08 | 6.1 Medium |
| IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||