Search Results (46099 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-46901 2 Apache, Debian 2 Subversion, Debian Linux 2025-07-15 3.1 Low
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
CVE-2025-22471 1 Dell 1 Powerscale Onefs 2025-07-15 6.5 Medium
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2025-29985 1 Dell 1 Common Event Enabler 2025-07-15 6.5 Medium
Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2025-7468 1 Tenda 2 Fh1201, Fh1201 Firmware 2025-07-15 8.8 High
A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5451 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-15 4.9 Medium
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
CVE-2025-3618 1 Rockwellautomation 1 Thinmanager 2025-07-14 5.5 Medium
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
CVE-2025-3286 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-3285 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-3287 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-3288 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-27165 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-07-14 5.5 Medium
Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-12580 1 Librechat 1 Librechat 2025-07-14 5.3 Medium
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filtered, leading to potential log injection attacks. This can cause distortion of monitoring and investigation information, evade detection from security systems, and create difficulties in maintenance and operation.
CVE-2025-53171 1 Huawei 1 Harmonyos 2025-07-14 4 Medium
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-53172 1 Huawei 1 Harmonyos 2025-07-14 4 Medium
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-53173 1 Huawei 1 Harmonyos 2025-07-14 5.3 Medium
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-53174 1 Huawei 1 Harmonyos 2025-07-14 4 Medium
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2025-6882 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2025-07-14 8.8 High
A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-6617 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2025-07-14 8.8 High
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-6616 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2025-07-14 8.8 High
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-6615 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2025-07-14 8.8 High
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.