Export limit exceeded: 364947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31818 1 Derbynet 1 Derbynet 2025-06-17 9.8 Critical
Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.
CVE-2024-30845 1 Rainbow External Link Network Disk Project 1 Rainbow External Link Network Disk 2025-06-17 6.1 Medium
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters.
CVE-2024-20715 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20714 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20713 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20712 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20711 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20710 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-06-17 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-0361 1 Phpgurukul 1 Hospital Management System 2025-06-17 5.5 Medium
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.
CVE-2024-0359 1 Code-projects 1 Simple Online Hotel Reservation System 2025-06-17 7.3 High
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.
CVE-2023-49295 2 Quic-go Project, Redhat 2 Quic-go, Ansible Automation Platform 2025-06-17 6.4 Medium
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.
CVE-2023-48783 1 Fortinet 1 Fortiportal 2025-06-17 4.9 Medium
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.
CVE-2023-48266 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 8.1 High
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
CVE-2023-48265 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 8.1 High
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
CVE-2023-48263 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 8.1 High
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
CVE-2023-48262 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 8.1 High
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
CVE-2023-48260 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 5.3 Medium
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
CVE-2023-48259 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 5.3 Medium
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
CVE-2023-48258 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 5.5 Medium
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.
CVE-2023-48257 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2025-06-17 7.8 High
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.