Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35421 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 5.5 Medium
vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c.
CVE-2024-35422 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 7.8 High
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c.
CVE-2024-35423 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 7.8 High
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c.
CVE-2024-35424 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 5.5 Medium
vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c.
CVE-2024-35425 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 5.5 Medium
vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.
CVE-2024-35426 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 9.8 Critical
vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.
CVE-2024-35427 2 Lonelycoder, Vmir 2 Vmir, Vmir 2025-06-05 5.5 Medium
vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c.
CVE-2023-34990 1 Fortinet 1 Fortiwlm 2025-06-05 9.6 Critical
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
CVE-2024-5409 1 Saltos 1 Rhinos 2025-06-05 7.1 High
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
CVE-2024-5408 1 Saltos 1 Rhinos 2025-06-05 7.1 High
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.
CVE-2024-13333 1 Advancedfilemanager 1 Advanced File Manager 2025-06-05 7.5 High
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the "Display .htaccess?" setting is enabled.
CVE-2024-31617 1 Litespeedtech 1 Openlitespeed 2025-06-05 5.3 Medium
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
CVE-2023-53025 1 Redhat 1 Enterprise Linux 2025-06-05 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-49208 1 Glewlwyd Sso Server Project 1 Glewlwyd Sso Server 2025-06-05 9.8 Critical
scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
CVE-2022-41201 1 Sap 1 3d Visual Enterprise Viewer 2025-06-05 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2020-8929 1 Google 1 Tink Java 2025-06-05 5.3 Medium
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.
CVE-2024-4420 1 Google 1 Tink C\+\+ 2025-06-05 7.5 High
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow. We recommend upgrading to version 2.1.3 or above
CVE-2025-37802 1 Linux 1 Linux Kernel 2025-06-05 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. This means that ksmbd_durable_scavenger_alive() will try to acquire the mutex while already in a sleeping state. The scheduler warns us by giving the following warning: do not call blocking ops when !TASK_RUNNING; state=2 set at [<0000000061515a6f>] prepare_to_wait_event+0x9f/0x6c0 WARNING: CPU: 2 PID: 4147 at kernel/sched/core.c:10099 __might_sleep+0x12f/0x160 mutex lock is not needed in ksmbd_durable_scavenger_alive().
CVE-2023-35817 1 Devexpress 1 Devexpress 2025-06-05 5 Medium
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
CVE-2023-35816 1 Devexpress 1 Devexpress 2025-06-05 3.5 Low
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.