Export limit exceeded: 338251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36202 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 7.5 High |
| IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source. | ||||
| CVE-2025-36037 | 1 Ibm | 2 Webmethods, Webmethods Integration | 2025-10-03 | 5.4 Medium |
| IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36011 | 1 Ibm | 1 Jazz For Service Management | 2025-10-03 | 4.3 Medium |
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2024-42260 | 1 Linux | 1 Linux Kernel | 2025-10-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213) | ||||
| CVE-2024-42261 | 1 Linux | 1 Linux Kernel | 2025-10-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3) | ||||
| CVE-2025-8937 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8938 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.3 Medium |
| A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9003 | 2 D-link, Dlink | 3 Dir-818lw, Dir-818lw, Dir-818lw Firmware | 2025-10-03 | 3.5 Low |
| A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-7932 | 1 Dlink | 2 Dir-817l, Dir-817l Firmware | 2025-10-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7836 | 2 D-link, Dlink | 3 Dir-816l, Dir-816l, Dir-816l Firmware | 2025-10-03 | 6.3 Medium |
| A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-33058 | 1 Qualcomm | 379 Aqt1000, Aqt1000 Firmware, Ar8035 and 376 more | 2025-10-03 | 7.5 High |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | ||||
| CVE-2024-33035 | 1 Qualcomm | 181 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 178 more | 2025-10-03 | 8.4 High |
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | ||||
| CVE-2024-33016 | 1 Qualcomm | 669 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 666 more | 2025-10-03 | 6.8 Medium |
| memory corruption when an invalid firehose patch command is invoked. | ||||
| CVE-2025-56769 | 1 Hutool | 1 Hutool | 2025-10-03 | 6.5 Medium |
| An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class. | ||||
| CVE-2024-23365 | 1 Qualcomm | 96 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 93 more | 2025-10-03 | 8.4 High |
| Memory corruption while releasing shared resources in MinkSocket listener thread. | ||||
| CVE-2024-23364 | 1 Qualcomm | 359 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 356 more | 2025-10-03 | 7.5 High |
| Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). | ||||
| CVE-2024-23362 | 1 Qualcomm | 466 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 463 more | 2025-10-03 | 7.1 High |
| Cryptographic issue while parsing RSA keys in COBR format. | ||||
| CVE-2024-23358 | 1 Qualcomm | 107 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 104 more | 2025-10-03 | 7.5 High |
| Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. | ||||
| CVE-2024-23359 | 1 Qualcomm | 324 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 321 more | 2025-10-03 | 8.2 High |
| Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. | ||||
| CVE-2025-29155 | 1 Smartbear | 1 Swagger Petstore | 2025-10-03 | 6.5 Medium |
| An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint | ||||