Export limit exceeded: 363984 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7225 1 Invt 1 Hmitool 2025-07-29 N/A
INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25047.
CVE-2025-7224 1 Invt 1 Hmitool 2025-07-29 N/A
INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25045.
CVE-2025-54432 2025-07-29 N/A
This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
CVE-2025-54420 2025-07-29 N/A
This CVE is a duplicate of CVE-2025-8129.
CVE-2014-9194 1 Arbiter 1 1094b Gps Substation Clock 2025-07-29 N/A
Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.
CVE-2025-8156 1 Phpgurukul 1 User Registration \& Login And User Management System 2025-07-29 6.3 Medium
A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8134 1 Phpgurukul 1 Bp Monitoring Management System 2025-07-29 6.3 Medium
A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7223 1 Invt 1 Hmitool 2025-07-29 N/A
INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25044.
CVE-2025-54532 1 Jetbrains 1 Teamcity 2025-07-29 4.3 Medium
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVE-2025-54533 1 Jetbrains 1 Teamcity 2025-07-29 4.3 Medium
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
CVE-2025-54534 1 Jetbrains 1 Teamcity 2025-07-29 4.8 Medium
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
CVE-2025-54535 1 Jetbrains 1 Teamcity 2025-07-29 5.8 Medium
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
CVE-2025-54538 1 Jetbrains 1 Teamcity 2025-07-29 5.5 Medium
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
CVE-2025-54537 1 Jetbrains 1 Teamcity 2025-07-29 5.5 Medium
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
CVE-2025-4496 1 Totolink 14 A3000ru, A3000ru Firmware, A3100r and 11 more 2025-07-29 8.8 High
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1079 3 Apple, Google, Linux 3 Macos, Web Designer, Linux Kernel 2025-07-29 7.8 High
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
CVE-2025-20216 1 Cisco 1 Catalyst Sd-wan Manager 2025-07-29 4.7 Medium
A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.
CVE-2023-32257 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s, H410s and 4 more 2025-07-29 8.1 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
CVE-2023-3877 1 Campcodes 1 Beauty Salon Management System 2025-07-29 6.3 Medium
A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235239.
CVE-2021-47354 1 Linux 1 Linux Kernel 2025-07-29 9.1 Critical
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions.