Export limit exceeded: 42196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57880 | 1 Hallowelt | 1 Bluespice | 2025-09-22 | 5.4 Medium |
| Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | ||||
| CVE-2025-49604 | 2025-09-22 | 5.4 Medium | ||
| For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow. | ||||
| CVE-2024-33258 | 1 Jerryscript | 1 Jerryscript | 2025-09-22 | 7.1 High |
| Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | ||||
| CVE-2025-22482 | 1 Qnap | 1 Qsync Central | 2025-09-20 | 8.1 High |
| A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later | ||||
| CVE-2025-9523 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-09-20 | 9.8 Critical |
| A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-51535 | 2 Austrian Archaeological Institute, Craws | 2 Openatlas, Openatlas | 2025-09-20 | 9.1 Critical |
| Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. | ||||
| CVE-2025-54617 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 6.8 Medium |
| Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of this vulnerability can cause RCE. | ||||
| CVE-2025-54628 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 5.3 Medium |
| Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54630 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 6.8 Medium |
| :Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54632 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 6.8 Medium |
| Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2025-54643 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 6.6 Medium |
| Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54644 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | 6.6 Medium |
| Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54650 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 4.2 Medium |
| Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function. | ||||
| CVE-2025-58749 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-09-20 | 5.3 Medium |
| WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand (memory address pointer) is greater than or equal to 2147483648 bytes (2GiB). This causes the runtime to hang in release builds or crash in debug builds due to accessing an invalid pointer. The issue does not occur in FAST-JIT mode or other runtime tools. This has been fixed in version 2.4.2. | ||||
| CVE-2025-10094 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names. | ||||
| CVE-2025-2256 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. | ||||
| CVE-2025-10432 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-09-20 | 9.8 Critical |
| A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2014-0770 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||
| CVE-2014-0768 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | ||||
| CVE-2014-0767 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||