Export limit exceeded: 13448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3215 | 1 Apple | 1 Swiftnio | 2025-05-20 | 7.5 High |
| NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace. | ||||
| CVE-2025-43551 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | 5.5 Medium |
| Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-05-15 | 7.8 High |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | ||||
| CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2025-05-15 | 4.3 Medium |
| Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. | ||||
| CVE-2025-30328 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30329 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 5.5 Medium |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30330 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-05-15 | 7.8 High |
| Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43545 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | 7.8 High |
| Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43546 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | 7.8 High |
| Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43547 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | 7.8 High |
| Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43555 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43556 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43557 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
| Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-15 | 6.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | ||||
| CVE-2025-30320 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-05-14 | 5.5 Medium |
| InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30319 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-05-14 | 5.5 Medium |
| InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30318 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-05-14 | 7.8 High |
| InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30310 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2025-05-14 | 7.8 High |
| Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24091 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-12 | 5.5 Medium |
| An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. | ||||