Search Results (336187 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31195 | 1 Apple | 1 Macos | 2025-05-27 | 6.3 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. | ||||
| CVE-2023-31493 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 6.6 Medium |
| RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. | ||||
| CVE-2024-30807 | 2 Axiosys, Bento4 | 2 Bento4, Bento4 | 2025-05-27 | 7.5 High |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts. | ||||
| CVE-2024-30806 | 1 Axiosys | 1 Bento4 | 2025-05-27 | 6.5 Medium |
| An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. | ||||
| CVE-2024-31621 | 1 Flowiseai | 1 Flowise | 2025-05-27 | 7.6 High |
| An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | ||||
| CVE-2024-23076 | 1 Jfree | 1 Jfreechart | 2025-05-27 | 7.5 High |
| JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-34047 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | 4.3 Medium |
| O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | ||||
| CVE-2024-34048 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | 9.8 Critical |
| O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | ||||
| CVE-2024-34049 | 1 Onosproject | 1 Traffic Steering Xapplication | 2025-05-27 | 7.5 High |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. | ||||
| CVE-2023-4709 | 1 Totvs | 1 Rm | 2025-05-27 | 3.1 Low |
| A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. It is possible to mitigate the problem by applying the configuration setting <pages validateRequest="true" [...] viewStateEncryptionMode="Always" />. It is recommended to change the configuration settings. The vendor was initially contacted early about this disclosure but did not respond in any way. In a later statement he explains, that "the behavior described [...] is related to specific configurations that are not part of the default application setup. In standard production environments, the relevant feature (VIEWSTATE) is disabled by default, which effectively mitigates the risk of exploitation." | ||||
| CVE-2025-48794 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48793 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48792 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48791 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48790 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48789 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48788 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48787 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-48786 | | | 2025-05-27 | N/A |
| Not used | ||||
| CVE-2025-37902 | | | 2025-05-26 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||