Filtered by CWE-20
Total 12442 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-40458 1 Ocuco 1 Innovation 2025-05-30 7.8 High
An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
CVE-2022-35773 1 Microsoft 1 Azure Real Time Operating System Guix Studio 2025-05-29 7.8 High
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-23766 2 Bigfile, Microsoft 2 Bigfileagent, Windows 2025-05-29 7.8 High
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.
CVE-2024-21413 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-05-29 9.8 Critical
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21388 1 Microsoft 1 Edge Chromium 2025-05-29 6.5 Medium
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2025-27151 2025-05-29 4.7 Medium
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
CVE-2025-33043 2025-05-29 5.8 Medium
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
CVE-2025-5148 2025-05-28 5.3 Medium
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.
CVE-2022-37395 1 Huawei 2 Cv81-wdm Fw, Cv81-wdm Fw Firmware 2025-05-28 7.5 High
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.
CVE-2025-31215 2 Apple, Redhat 11 Ipados, Iphone Os, Macos and 8 more 2025-05-28 6.5 Medium
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31217 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2025-05-27 6.5 Medium
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-31233 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-05-27 6.3 Medium
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
CVE-2025-31240 1 Apple 1 Macos 2025-05-27 7.5 High
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
CVE-2025-31259 1 Apple 1 Macos 2025-05-27 7.8 High
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
CVE-2020-14797 5 Debian, Netapp, Opensuse and 2 more 22 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 19 more 2025-05-27 3.7 Low
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2020-14621 8 Canonical, Debian, Fedoraproject and 5 more 27 Ubuntu Linux, Debian Linux, Fedora and 24 more 2025-05-27 5.3 Medium
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-29461 2 Atlassian, Projectfloodlight 2 Floodlight Controller, Open Sdn Controller 2025-05-27 6.3 Medium
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
CVE-2023-48425 1 Google 2 Chromecast, Chromecast Firmware 2025-05-27 9.8 Critical
U-Boot vulnerability resulting in persistent Code Execution 
CVE-2021-27774 1 Hcltech 1 Hcl Digital Experience 2025-05-27 3.1 Low
User input included in error response, which could be used in a phishing attack.
CVE-2025-41377 2025-05-27 N/A
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.