Export limit exceeded: 11788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6099 | 1 Graphisoft | 1 Bimx Desktop Viewer | 2025-04-15 | 7.8 High |
| An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-29886 | 1 Estsoft | 1 Alyac | 2025-04-15 | 7.8 High |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-32543 | 1 Estsoft | 1 Alyac | 2025-04-15 | 7.8 High |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-28710 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-32761 | 1 Wwbn | 1 Avideo | 2025-04-15 | 6.5 Medium |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2025-04-15 | 6.1 Medium |
| When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | ||||
| CVE-2022-36314 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | 5.5 Medium |
| When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. | ||||
| CVE-2024-34486 | 1 Facuet | 1 Ryu | 2025-04-15 | 7.5 High |
| OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. | ||||
| CVE-2022-38474 | 1 Mozilla | 1 Firefox | 2025-04-15 | 4.3 Medium |
| A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104. | ||||
| CVE-2024-33768 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 9.8 Critical |
| lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. | ||||
| CVE-2024-57720 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. | ||||
| CVE-2024-57721 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path. | ||||
| CVE-2024-57723 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. | ||||
| CVE-2024-55456 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | 6.5 Medium |
| lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell | ||||
| CVE-2024-33668 | 1 Zammad | 1 Zammad | 2025-04-15 | 9.1 Critical |
| An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. | ||||
| CVE-2025-32359 | 1 Zammad | 1 Zammad | 2025-04-15 | 4.8 Medium |
| In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not when using the API directly. | ||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 6.1 Medium |
| Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | ||||
| CVE-2005-10001 | 1 Broadcom | 1 Symantec Siteminder | 2025-04-15 | 5.4 Medium |
| A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-1073 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2025-04-15 | 7.3 High |
| A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. | ||||
| CVE-2020-36532 | 1 Klapp | 1 App | 2025-04-15 | 4.3 Medium |
| A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. | ||||