Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51767 1 Hpe 1 Autopass License Server 2025-07-25 7.3 High
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVE-2024-6151 1 Citrix 1 Virtual Apps And Desktops 2025-07-25 7.8 High
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
CVE-2024-2049 1 Citrix 26 Citrix Sd Wan Premium Edition, Citrix Sd Wan Standard Edition, Sd-wan 1000 and 23 more 2025-07-25 6.5 Medium
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
CVE-2024-33518 1 Arubanetworks 1 Arubaos 2025-07-25 5.3 Medium
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
CVE-2025-37107 1 Hpe 1 Autopass License Server 2025-07-25 7.3 High
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVE-2025-37106 1 Hpe 1 Autopass License Server 2025-07-25 7.3 High
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
CVE-2025-22251 1 Fortinet 1 Fortios 2025-07-25 3 Low
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.
CVE-2024-54019 1 Fortinet 2 Forticlient, Forticlientwindows 2025-07-25 4.4 Medium
A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.
CVE-2024-50568 1 Fortinet 2 Fortios, Fortiproxy 2025-07-25 5.6 Medium
A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests.
CVE-2024-50565 1 Fortinet 6 Fortianalyzer, Fortimanager, Fortios and 3 more 2025-07-25 3 Low
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
CVE-2024-5492 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-07-25 6.1 Medium
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
CVE-2024-5491 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-07-25 7.5 High
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
CVE-2023-48785 1 Fortinet 1 Fortinac-f 2025-07-25 4.4 Medium
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
CVE-2024-6149 1 Citrix 1 Workspace 2025-07-25 6.1 Medium
Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5
CVE-2025-7908 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2025-07-25 8.8 High
A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7909 1 Dlink 2 Dir-513, Dir-513 Firmware 2025-07-25 8.8 High
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-7910 1 Dlink 2 Dir-513, Dir-513 Firmware 2025-07-25 8.8 High
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-20326 1 Cisco 3 Confd Basic, Confd Premium, Crosswork Network Services Orchestrator 2025-07-25 7.8 High
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.
CVE-2025-7240 2 Cadsofttools, Irfanview 3 Cadimage, Cadimage, Irfanview 2025-07-25 N/A
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26086.
CVE-2025-7239 2 Cadsofttools, Irfanview 3 Cadimage, Cadimage, Irfanview 2025-07-25 N/A
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26085.