Export limit exceeded: 363819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 24974 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3181 1 Microsoft 2 Windows Server 2003, Windows Xp 2025-04-11 N/A
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
CVE-2011-1965 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
CVE-2011-1975 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
CVE-2013-1330 1 Microsoft 5 Office Web Apps, Sharepoint Foundation, Sharepoint Portal Server and 2 more 2025-04-11 N/A
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
CVE-2012-0177 1 Microsoft 3 Office, Works, Works 6-9 File Converter 2025-04-11 N/A
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
CVE-2011-1269 1 Microsoft 4 Office, Office Compatibility Pack, Open Xml File Format Converter and 1 more 2025-04-11 N/A
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."
CVE-2022-42267 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2025-04-10 7 High
NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2024-20763 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2025-04-10 5.5 Medium
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-34669 2 Microsoft, Nvidia 3 Windows, Cloud Gaming, Virtual Gpu 2025-04-10 8.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2023-33140 1 Microsoft 1 Onenote 2025-04-10 6.5 Medium
Microsoft OneNote Spoofing Vulnerability
CVE-2024-25708 2 Esri, Microsoft 2 Arcgis Enterprise, Windows 2025-04-10 4.8 Medium
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
CVE-2024-25692 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 5.4 Medium
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
CVE-2023-25841 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 6.1 Medium
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.
CVE-2023-25840 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 3.4 Low
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.  The privileges required to execute this attack are high.
CVE-2022-34681 2 Microsoft, Nvidia 3 Windows, Cloud Gaming, Virtual Gpu 2025-04-10 5.5 Medium
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.
CVE-2022-34678 6 Citrix, Linux, Microsoft and 3 more 7 Hypervisor, Linux Kernel, Windows and 4 more 2025-04-10 6.5 Medium
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.
CVE-2024-25707 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 4.8 Medium
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
CVE-2024-25698 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 6.1 Medium
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2024-25690 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 4.7 Medium
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
CVE-2022-45049 3 Axiell, Linux, Microsoft 3 Iguana, Linux Kernel, Windows 2025-04-10 6.1 Medium
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.