Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33095 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR. | ||||
| CVE-2023-43529 | 1 Qualcomm | 322 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 319 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | ||||
| CVE-2023-33043 | 1 Qualcomm | 118 Ar8035, Ar8035 Firmware, Qca6391 and 115 more | 2025-08-11 | 7.5 High |
| Transient DOS in Modem when a Beam switch request is made with a non-configured BWP. | ||||
| CVE-2023-33044 | 1 Qualcomm | 180 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 177 more | 2025-08-11 | 7.5 High |
| Transient DOS in Data modem while handling TLB control messages from the Network. | ||||
| CVE-2023-33096 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | ||||
| CVE-2023-24843 | 1 Qualcomm | 132 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 129 more | 2025-08-11 | 7.5 High |
| Transient DOS in Modem while triggering a camping on an 5G cell. | ||||
| CVE-2023-33022 | 1 Qualcomm | 424 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq5053-aa and 421 more | 2025-08-11 | 8.4 High |
| Memory corruption in HLOS while invoking IOCTL calls from user-space. | ||||
| CVE-2023-33018 | 1 Qualcomm | 527 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 524 more | 2025-08-11 | 7.8 High |
| Memory corruption while using the UIM diag command to get the operators name. | ||||
| CVE-2024-2660 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-08 | 6.4 Medium |
| Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11. | ||||
| CVE-2023-42035 | 1 Visualware | 1 Myconnection Server | 2025-08-08 | N/A |
| Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-21774. | ||||
| CVE-2025-5195 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. | ||||
| CVE-2024-10455 | 1 D3tn | 1 Ud3tn | 2025-08-07 | 7.5 High |
| Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block | ||||
| CVE-2025-8656 | 2 Jvckenwood, Kenwood | 3 Dmx958xr, Dmx958xr Firmware, Dmx958xr | 2025-08-07 | N/A |
| Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355. | ||||
| CVE-2023-44412 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19571. | ||||
| CVE-2024-58265 | 1 Mcginty | 1 Snow | 2025-08-07 | 3.1 Low |
| The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery. | ||||
| CVE-2025-50484 | 1 Phpgurukul | 1 Small Crm | 2025-08-07 | 7.1 High |
| Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. | ||||
| CVE-2023-27324 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18229. | ||||
| CVE-2023-27322 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17751. | ||||
| CVE-2023-27325 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | 7.8 High |
| Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18253. | ||||
| CVE-2024-42645 | 1 Flashmq | 1 Flashmq | 2025-08-06 | 7.5 High |
| An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS). | ||||