Search Results (362966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42961 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-21 6.3 Medium
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2023-42981 1 Apple 1 Macos 2025-04-21 5.4 Medium
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
CVE-2023-42982 1 Apple 1 Macos 2025-04-21 6.4 Medium
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
CVE-2024-27655 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27656 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27657 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 8.8 High
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
CVE-2024-27658 1 Dlink 3 Dir-823 Firmware, Dir-823g, Dir-823g Firmware 2025-04-21 6.5 Medium
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2022-42815 1 Apple 1 Macos 2025-04-21 5.5 Medium
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
CVE-2025-0762 1 Google 1 Chrome 2025-04-21 8.8 High
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2025-0448 1 Google 1 Chrome 2025-04-21 4.3 Medium
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-0447 1 Google 1 Chrome 2025-04-21 8.8 High
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-0446 1 Google 1 Chrome 2025-04-21 4.3 Medium
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2025-0443 1 Google 1 Chrome 2025-04-21 8.8 High
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0442 1 Google 1 Chrome 2025-04-21 6.5 Medium
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0441 1 Google 1 Chrome 2025-04-21 6.5 Medium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0440 2 Google, Microsoft 2 Chrome, Windows 2025-04-21 6.5 Medium
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0439 1 Google 1 Chrome 2025-04-21 6.5 Medium
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-0438 1 Google 1 Chrome 2025-04-21 8.8 High
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-3074 1 Google 1 Chrome 2025-04-21 5.4 Medium
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-3073 1 Google 1 Chrome 2025-04-21 5.4 Medium
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)