Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27044 1 Qualcomm 17 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 14 more 2025-07-21 7.8 High
Memory corruption while executing timestamp video decode command with large input values.
CVE-2025-27058 1 Qualcomm 17 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 14 more 2025-07-21 7.8 High
Memory corruption while processing packet data with exceedingly large packet.
CVE-2025-27056 1 Qualcomm 51 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 48 more 2025-07-21 7.8 High
Memory corruption during sub-system restart while processing clean-up to free up resources.
CVE-2025-1121 1 Google 1 Chrome Os 2025-07-21 6.8 Medium
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
CVE-2025-50090 1 Oracle 2 Applications Framework, E-business Suite 2025-07-21 5.4 Medium
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVE-2025-53924 1 Emlog 1 Emlog 2025-07-21 6.9 Medium
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter resulting in Stored XSS. When someone clicks on the link the malicious code is executed. As of time of publication, no known patched versions exist.
CVE-2025-7747 1 Tenda 2 Fh451, Fh451 Firmware 2025-07-21 8.8 High
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7754 2 Code-projects, Fabianros 2 Patient Record Management System, Patient Record Management System 2025-07-21 6.3 Medium
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-38435 1 Unitronics 1 Visilogic 2025-07-21 6.5 Medium
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVE-2023-25914 1 Danfoss 2 Ak-sm 800a, Ak-sm 800a Firmware 2025-07-19 8.8 High
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.
CVE-2025-52089 1 Totolink 2 N300rb, N300rb Firmware 2025-07-19 8.8 High
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
CVE-2025-25568 1 Softether 1 Vpn 2025-07-19 9.8 Critical
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).
CVE-2025-25567 1 Softether 1 Vpn 2025-07-19 9.8 Critical
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,
CVE-2025-25566 1 Softether 1 Vpn 2025-07-19 5.6 Medium
Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool.
CVE-2025-25565 1 Softether 1 Vpn 2025-07-19 9.8 Critical
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.
CVE-2025-23090 2025-07-18 N/A
This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
CVE-2025-53821 1 Wegia 1 Wegia 2025-07-18 4.7 Medium
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.
CVE-2024-12777 2 Aimhubio, Aimstack 2 Aim, Aim 2025-07-18 N/A
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.
CVE-2024-12534 1 Openwebui 1 Open Webui 2025-07-18 N/A
In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication.
CVE-2024-12048 1 Superagi 1 Superagi 2025-07-18 N/A
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.