Export limit exceeded: 19430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19430 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23240 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.8 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-2733 | 1 Mannaandpoem | 1 Openmanus | 2025-07-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-20208 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-07-11 | 5.5 Medium |
| dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | ||||
| CVE-2025-6376 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2025-6377 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | 7.8 High |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | ||||
| CVE-2024-12835 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A |
| Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415. | ||||
| CVE-2025-47727 | 1 Deltaww | 1 Cncsoft | 2025-07-11 | 7.3 High |
| Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2025-47725 | 1 Deltaww | 1 Cncsoft | 2025-07-11 | 7.3 High |
| Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2025-47726 | 1 Deltaww | 1 Cncsoft | 2025-07-11 | 7.3 High |
| Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2025-47724 | 1 Deltaww | 1 Cncsoft | 2025-07-11 | 7.3 High |
| Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2025-21164 | 1 Adobe | 1 Substance 3d Designer | 2025-07-11 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21165 | 1 Adobe | 1 Substance 3d Designer | 2025-07-11 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21166 | 1 Adobe | 1 Substance 3d Designer | 2025-07-11 | 7.8 High |
| Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-13168 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13165 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13166 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2025-20193 | 1 Cisco | 1 Ios Xe | 2025-07-11 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read files from the underlying operating system. | ||||
| CVE-2025-25269 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 8.4 High |
| An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. | ||||
| CVE-2024-33368 | 1 Plasmoapp | 1 Rpshare | 2025-07-10 | 8.8 High |
| An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen | ||||