Export limit exceeded: 324770 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21498 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-01-09 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21496 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-01-09 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21502 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-01-09 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2025-59849 | 2 Hcltech, Hcltechsw | 3 Bigfix Remote Control, Hcl Devops Deploy, Hcl Launch | 2026-01-06 | 4.7 Medium |
| Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | ||||
| CVE-2025-65318 | 2 Canarymail, Microsoft | 2 Canary Mail, Windows | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-65319 | 1 Blixhq | 1 Bluemail | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-46291 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-46281 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 8.4 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-13326 | 1 Mattermost | 2 Mattermost, Mattermost Desktop | 2025-12-18 | 3.9 Low |
| Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder. | ||||
| CVE-2025-14095 | 2 Microsoft, Radiometer | 7 Windows, Abl800 Basic Analyzer, Abl800 Flex Analyzer and 4 more | 2025-12-18 | 5.7 Medium |
| A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software. Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems. | ||||
| CVE-2025-14304 | 1 Asrock | 4 Intel 500, Intel 600, Intel 700 and 1 more | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-14303 | 1 Msi | 2 Intel 600, Intel 700 | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-14302 | 1 Gigabyte | 6 Amd 600, Amd 800, Amd Trx50 and 3 more | 2025-12-18 | 6.8 Medium |
| Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2025-59048 | 1 Openbao | 2 Aws Plugin, Openbao | 2025-12-05 | 8.1 High |
| OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access. This impacts all users of the auth-aws plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts. This vulnerability has been patched in version 0.1.1 of the auth-aws plugin. A workaround for this issue involves guaranteeing that IAM role names are unique across all AWS accounts that could potentially interact with your OpenBao environment, and to audit for any duplicate IAM roles. | ||||
| CVE-2025-46553 | 1 Misskey | 1 Summaly | 2025-12-01 | 6.1 Medium |
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | ||||
| CVE-2025-55886 | 1 Ard | 1 Ard | 2025-11-17 | 6.5 Medium |
| An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization. | ||||
| CVE-2025-10157 | 1 Mmaitre314 | 1 Picklescan | 2025-11-13 | 7.8 High |
| A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code. | ||||
| CVE-2025-8032 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-11-04 | 8.1 High |
| XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | ||||
| CVE-2025-43330 | 1 Apple | 3 Macos, Macos Sequoia, Macos Tahoe | 2025-11-04 | 8.2 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7. An app may be able to break out of its sandbox. | ||||