Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0436 | 1 Google | 1 Chrome | 2025-04-21 | 8.8 High |
| Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-57760 | 1 Jeewms | 1 Jeewms | 2025-04-21 | 6.5 Medium |
| JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. | ||||
| CVE-2025-0434 | 1 Google | 1 Chrome | 2025-04-21 | 8.8 High |
| Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2025-04-21 | 6.5 Medium |
| Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-42842 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution. | ||||
| CVE-2022-42841 | 1 Apple | 1 Macos | 2025-04-21 | 7.8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | ||||
| CVE-2022-42840 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42837 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-21 | 9.8 Critical |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2022-42832 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 6.4 Medium |
| A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 6.4 Medium |
| A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42821 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks. | ||||
| CVE-2022-42805 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-56409 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2024-20151 | 1 Mediatek | 33 Mt2737, Mt2739, Mt6789 and 30 more | 2025-04-21 | 6.7 Medium |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928. | ||||
| CVE-2024-20152 | 4 Google, Linuxfoundation, Mediatek and 1 more | 24 Android, Yocto, Mt2737 and 21 more | 2025-04-21 | 4.4 Medium |
| In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798. | ||||
| CVE-2024-56828 | 1 1000mz | 1 Chestnutcms | 2025-04-21 | 9.8 Critical |
| File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks. | ||||
| CVE-2024-12717 | 1 Aklamator | 1 Infeed | 2025-04-21 | 4.8 Medium |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12731 | 1 Aklamator | 1 Infeed | 2025-04-21 | 6.1 Medium |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-22983 | 1 Thecosy | 1 Icecms | 2025-04-21 | 7.5 High |
| An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | ||||
| CVE-2024-55341 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-21 | 4.7 Medium |
| A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload. | ||||