Search Results (34836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37522 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2025-06-16 | 5.6 Medium |
| HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. | ||||
| CVE-2024-21982 | 1 Netapp | 1 Clustered Data Ontap | 2025-06-16 | 4.8 Medium |
| ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. | ||||
| CVE-2024-25679 | 1 Pquic | 1 Pquic | 2025-06-16 | 6.5 Medium |
| In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | ||||
| CVE-2024-25450 | 1 Enlightenment | 1 Imlib2 | 2025-06-16 | 8.8 High |
| imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | ||||
| CVE-2024-0811 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-16 | 4.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2023-51751 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2025-06-16 | 7.3 High |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | ||||
| CVE-2023-48133 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43994 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-42941 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-16 | 4.8 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | ||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | ||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | ||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | ||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-43989 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2025-5428 | 1 Juzaweb | 1 Cms | 2025-06-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-45561 | 1 Linecorp | 1 Line | 2025-06-13 | 5.3 Medium |
| An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-13 | 9.3 Critical |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
| CVE-2024-0985 | 2 Postgresql, Redhat | 7 Postgresql, Enterprise Linux, Rhel Aus and 4 more | 2025-06-13 | 8 High |
| Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. | ||||
| CVE-2024-48900 | 1 Moodle | 1 Moodle | 2025-06-13 | 4.3 Medium |
| A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to. | ||||
| CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 7.2 High |
| REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | ||||