Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45970 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60355 2 Zhangyd-c, Zhyd 2 Oneblog, Oneblog 2026-03-04 9.8 Critical
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2025-13120 1 Mruby 1 Mruby 2026-03-04 5.3 Medium
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
CVE-2025-59600 1 Qualcomm 329 Ar8031, Ar8031 Firmware, Ar8035 and 326 more 2026-03-04 7.8 High
Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-69765 1 Tenda 2 Ax3, Ax3 Firmware 2026-03-04 7.5 High
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution.
CVE-2019-25329 1 Internet-soft 1 Ftp Navigator 2026-03-03 7.5 High
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input.
CVE-2017-5225 1 Libtiff 1 Libtiff 2026-03-02 8.8 High
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
CVE-2025-62514 2 Parsec.cloud, Scille 2 Parsec, Parsec-cloud 2026-03-02 8.3 High
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
CVE-2024-9397 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2026-03-02 6.1 Medium
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
CVE-2025-48022 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-48021 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-1924 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 8.2 High
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-14511 1 Gitlab 1 Gitlab 2026-02-28 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.
CVE-2020-37196 1 Nsasoft 2 Domain Name Search Software, Nsauditor Dnss Domain Name Search Software 2026-02-27 7.5 High
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
CVE-2025-40552 1 Solarwinds 1 Web Help Desk 2026-02-27 9.8 Critical
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVE-2020-37212 1 Nsasoft 2 Nsauditor Spotmsn, Spotmsn 2026-02-26 7.5 High
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37211 1 Nsasoft 2 Nsauditor Spotim, Spotim 2026-02-26 7.5 High
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37210 1 Nsasoft 2 Nsauditor Spotie, Spotie 2026-02-26 7.5 High
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37207 1 Nsasoft 2 Nsauditor Spotdialup, Spotdialup 2026-02-26 7.5 High
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37206 1 Nsasoft 2 Nsauditor Sharealarmpro Advanced Network Access Control, Sharealarmpro 2026-02-26 7.5 High
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
CVE-2020-37197 1 Nsasoft 2 Domain Name Search Software, Nsauditor Dnss Domain Name Search Software 2026-02-26 7.5 High
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.