Export limit exceeded: 26069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24598 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 4.3 Medium |
| OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. | ||||
| CVE-2024-21473 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Ar9380 and 251 more | 2025-01-13 | 9.8 Critical |
| Memory corruption while redirecting log file to any file location with any file name. | ||||
| CVE-2023-33100 | 1 Qualcomm | 100 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 97 more | 2025-01-13 | 7.5 High |
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | ||||
| CVE-2024-21452 | 1 Qualcomm | 12 C-v2x 9150, C-v2x 9150 Firmware, Qca6584au and 9 more | 2025-01-13 | 7.3 High |
| Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. | ||||
| CVE-2024-54121 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 6.2 Medium |
| Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-56443 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-32695 | 1 Socket | 1 Socket.io-parser | 2025-01-13 | 7.3 High |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | ||||
| CVE-2024-56437 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.7 Medium |
| Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-13 | 9.8 Critical |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | ||||
| CVE-2023-33741 | 2 Google, Macro-video | 2 Android, V380 Pro | 2025-01-13 | 7.5 High |
| Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | ||||
| CVE-2020-9089 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2025-01-13 | 3.3 Low |
| There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089. | ||||
| CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2025-01-13 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. | ||||
| CVE-2023-51931 | 1 Alanclarke | 1 Urlite | 2025-01-13 | 7.5 High |
| An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | ||||
| CVE-2022-34159 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | 7.5 High |
| Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | ||||
| CVE-2022-32204 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | 7.5 High |
| There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. | ||||
| CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2025-01-10 | 5.3 Medium |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | ||||
| CVE-2023-31185 | 1 Rozcom | 1 Rozcom Client | 2025-01-10 | 7.5 High |
| ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. | ||||
| CVE-2024-13136 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 6.3 Medium |
| A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32691 | 1 Go Simple Tunnel Project | 1 Go Simple Tunnel | 2025-01-10 | 5.9 Medium |
| gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. | ||||
| CVE-2024-39725 | 1 Ibm | 2 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights | 2025-01-10 | 5.3 Medium |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||