Search Results (10132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8656 | 2 Jvckenwood, Kenwood | 3 Dmx958xr, Dmx958xr Firmware, Dmx958xr | 2025-08-07 | N/A |
| Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355. | ||||
| CVE-2023-44412 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19571. | ||||
| CVE-2024-58265 | 1 Mcginty | 1 Snow | 2025-08-07 | 3.1 Low |
| The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery. | ||||
| CVE-2025-7376 | 1 Mitsubishielectric | 3 Genesis, Genesis64, Mc Works64 | 2025-08-07 | 5.9 Medium |
| Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC. | ||||
| CVE-2025-50484 | 1 Phpgurukul | 1 Small Crm | 2025-08-07 | 7.1 High |
| Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. | ||||
| CVE-2023-27324 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-18229. | ||||
| CVE-2023-27322 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17751. | ||||
| CVE-2023-27325 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | 7.8 High |
| Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-18253. | ||||
| CVE-2024-42645 | 1 Flashmq | 1 Flashmq | 2025-08-06 | 7.5 High |
| An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS). | ||||
| CVE-2024-42644 | 1 Flashmq | 1 Flashmq | 2025-08-06 | 7.5 High |
| FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0. | ||||
| CVE-2025-46386 | 2025-08-06 | 8.8 High | ||
| CWE-639 Authorization Bypass Through User-Controlled Key | ||||
| CVE-2025-46387 | 2025-08-06 | 8.8 High | ||
| CWE-639 Authorization Bypass Through User-Controlled Key | ||||
| CVE-2025-46389 | 2025-08-06 | 6.5 Medium | ||
| CWE-620: Unverified Password Change | ||||
| CVE-2024-5528 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 3.5 Low |
| An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. | ||||
| CVE-2025-1198 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.2 Medium |
| An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results. | ||||
| CVE-2025-48952 | 1 Netalertx | 1 Netalertx | 2025-08-06 | 9.4 Critical |
| NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability. | ||||
| CVE-2024-58264 | 1 Cosmwasm | 2 Serde-json-wasm, Serde Json Wasm | 2025-08-06 | 3.2 Low |
| The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data. | ||||
| CVE-2025-36039 | 1 Ibm | 1 Aspera Faspex | 2025-08-06 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms. | ||||
| CVE-2025-36040 | 1 Ibm | 1 Aspera Faspex | 2025-08-06 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms. | ||||
| CVE-2024-24562 | 1 Vantage6 | 1 Vantage6-ui | 2025-08-06 | 5.4 Medium |
| vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx. | ||||