Export limit exceeded: 337790 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337790 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1405 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-1458 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1607, Windows 7 and 5 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-0601 | 2 Golang, Microsoft | 14 Go, Windows, Windows 10 1507 and 11 more | 2025-10-29 | 8.1 High |
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | ||||
| CVE-2020-0638 | 1 Microsoft | 9 Windows 10 1709, Windows 10 1803, Windows 10 1809 and 6 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-0646 | 1 Microsoft | 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-29 | 9.8 Critical |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | ||||
| CVE-2020-0674 | 1 Microsoft | 15 Internet Explorer, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-29 | 7.5 High |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | ||||
| CVE-2020-0683 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. | ||||
| CVE-2020-0688 | 1 Microsoft | 1 Exchange Server | 2025-10-29 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | ||||
| CVE-2020-0787 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-0796 | 1 Microsoft | 4 Windows 10 1903, Windows 10 1909, Windows Server 1903 and 1 more | 2025-10-29 | 10.0 Critical |
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | ||||
| CVE-2020-0938 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-10-29 | 7.8 High |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020. | ||||
| CVE-2020-0968 | 1 Microsoft | 15 Internet Explorer, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-29 | 7.5 High |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970. | ||||
| CVE-2020-0986 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | ||||
| CVE-2025-49124 | 1 Apache | 1 Tomcat | 2025-10-29 | 8.4 High |
| Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | ||||
| CVE-2020-17087 | 1 Microsoft | 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more | 2025-10-29 | 7.8 High |
| Windows Kernel Local Elevation of Privilege Vulnerability | ||||
| CVE-2024-54091 | 1 Siemens | 3 Parasolid, Solid Edge Se2024, Solid Edge Se2025 | 2025-10-29 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-36890 | 1 Linux | 1 Linux Kernel | 2025-10-29 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. | ||||
| CVE-2022-48635 | 1 Linux | 1 Linux Kernel | 2025-10-29 | 6.2 Medium |
| In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail command in virtiofs. WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0 Modules linked in: CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7 Call Trace: <TASK> dax_iomap_rw+0xea/0x620 ? __this_cpu_preempt_check+0x13/0x20 fuse_dax_read_iter+0x47/0x80 fuse_file_read_iter+0xae/0xd0 new_sync_read+0xfe/0x180 ? 0xffffffff81000000 vfs_read+0x14d/0x1a0 ksys_read+0x6d/0xf0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd The tail command will call read() with a count of 0. In this case, iomap_iter() will report this WARNING, and always return 1 which casuing the infinite loop in dax_iomap_rw(). Fixing by checking count whether is 0 in dax_iomap_rw(). | ||||
| CVE-2021-31693 | 1 10web | 1 Photo Gallery | 2025-10-29 | 6.1 Medium |
| The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | ||||
| CVE-2024-25646 | 1 Sap | 1 Businessobjects Web Intelligence | 2025-10-29 | 7.7 High |
| Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. | ||||