Search Results (8111 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49846 | | | 2025-07-08 | N/A |
| wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected, especially not the logs users can export and send to Wire support. The iOS logs can only be accessed if someone had (physical) access to the underlying unlocked device. The issue manifested itself by calling canOpenUrl() and passing an invalid URL object. When iOS then performs the check and fails, it logs the contents to the system log. This is not documented behaviour. Wire released an emergency fix with version 3.124.1. As a workaround, users can reset their iOS device to remove the offending logs. Since Wire cannot access or modify iOS system logs, there's no other workaround other than a reset. | ||||
| CVE-2025-24508 | | | 2025-07-08 | 6.4 Medium |
| Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | ||||
| CVE-2025-41666 | | | 2025-07-08 | 8.8 High |
| A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized. | ||||
| CVE-2025-41667 | | | 2025-07-08 | 8.8 High |
| A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device. | ||||
| CVE-2025-41668 | | | 2025-07-08 | 8.8 High |
| A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device. | ||||
| CVE-2024-49051 | 1 Microsoft | 1 Pc Manager | 2025-07-08 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2024-43633 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-07-08 | 6.5 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-38264 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-08 | 5.9 Medium |
| Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | ||||
| CVE-2024-43603 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-07-08 | 5.5 Medium |
| Visual Studio Collector Service Denial of Service Vulnerability | ||||
| CVE-2024-43563 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2024-43551 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-08 | 7.8 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2024-43501 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38262 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-08 | 7.5 High |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2025-07-08 | 7.1 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2023-51570 | 1 Voltronicpower | 1 Viewpower | 2025-07-07 | N/A |
| Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21012. | ||||
| CVE-2022-23302 | 6 Apache, Broadcom, Netapp and 3 more | 44 Log4j, Brocade Sannav, Snapmanager and 41 more | 2025-07-07 | 8.8 High |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2024-31879 | 1 Ibm | 1 I | 2025-07-03 | 7.5 High |
| IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | ||||
| CVE-2024-10013 | 2 Progress, Progress Software | 2 Telerik Ui For Winforms, Progress Telerik Ui For Wpf Versions | 2025-07-03 | 7.8 High |
| In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | ||||
| CVE-2025-34062 | | | 2025-07-03 | N/A |
| An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration. | ||||
| CVE-2025-34060 | | | 2025-07-03 | N/A |
| A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using PHP’s finfo can be bypassed via crafted stream filter chains that prepend spoofed headers, allowing access to internal Laravel configuration files. An attacker can extract the APP_KEY from config/app.php, forge encrypted cookies, and trigger unsafe unserialize() calls, leading to reliable remote code execution. | ||||