Export limit exceeded: 335857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335857 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0754 | 1 Mozilla | 1 Firefox | 2025-05-22 | 6.5 Medium |
| Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | ||||
| CVE-2024-0749 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-22 | 4.3 Medium |
| A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. | ||||
| CVE-2024-0747 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-22 | 6.5 Medium |
| When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0517 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0187 | 1 Peepso | 1 Peepso | 2025-05-22 | 6.1 Medium |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-48627 | 1 Adobe | 1 Substance 3d Sampler | 2025-05-22 | 7.8 High |
| Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-5124 | 1 Pagelayer | 1 Pagelayer | 2025-05-22 | 4.8 Medium |
| The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. | ||||
| CVE-2023-5091 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2025-05-22 | 7 High |
| Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0. | ||||
| CVE-2023-48085 | 1 Nagios | 1 Nagios Xi | 2025-05-22 | 9.8 Critical |
| Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | ||||
| CVE-2023-41151 | 2 Microsoft, Softing | 4 Windows, Opc, Opc Ua C\+\+ Software Development Kit and 1 more | 2025-05-22 | 7.5 High |
| An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | ||||
| CVE-2022-40103 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 5.5 Medium |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40102 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40101 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-32823 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. | ||||
| CVE-2022-32821 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32819 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | ||||
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | ||||
| CVE-2020-36773 | 1 Artifex | 1 Ghostscript | 2025-05-22 | 9.8 Critical |
| Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | ||||