Search Results (1934 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34288 1 Ashlar 1 Cobalt 2025-08-07 7.8 High
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17966.
CVE-2025-0982 1 Google 1 Application Integration 2025-07-30 10.0 Critical
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
CVE-2024-20309 1 Cisco 1 Ios Xe 2025-07-30 5.6 Medium
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.
CVE-2024-25078 1 Insyde 2 Insydeh2o, Kernel 2025-07-29 7.4 High
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
CVE-2025-2285 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-2287 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-2286 1 Rockwellautomation 1 Arena 2025-07-14 7.8 High
A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
CVE-2025-0467 1 Imaginationtech 2 Ddk, Graphics Ddk 2025-07-11 8.2 High
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
CVE-2024-38187 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2025-07-10 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38185 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2025-07-10 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43636 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-07-08 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-43629 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-08 7.8 High
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43624 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-08 8.8 High
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43646 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2025-07-08 6.7 Medium
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43631 1 Microsoft 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more 2025-07-08 6.7 Medium
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2025-27607 1 Nhairs 1 Python Json Logger 2025-07-01 8.8 High
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.
CVE-2024-30161 1 Qt 1 Qt 2025-06-30 6.5 Medium
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
CVE-2023-20597 1 Amd 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more 2025-06-27 5.5 Medium
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20594 1 Amd 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more 2025-06-27 4.4 Medium
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2024-1739 1 Lunary 1 Lunary 2025-06-18 9.1 Critical
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.