Export limit exceeded: 325344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (325344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65890 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. | ||||
| CVE-2025-65891 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. | ||||
| CVE-2025-70999 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. | ||||
| CVE-2025-71000 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71001 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-59902 | 1 Nice | 1 Nice Chat | 2026-02-03 | N/A |
| HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft. | ||||
| CVE-2025-71002 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71003 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2023-54343 | 1 Qwe Labs | 1 Qwe Dl | 2026-02-03 | 6.4 Medium |
| QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation. | ||||
| CVE-2022-50797 | 2 Halfdata, Wordpress | 2 Stripe Green Downloads, Wordpress | 2026-02-03 | 6.4 Medium |
| Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation. | ||||
| CVE-2022-50950 | 1 Webile | 1 Webile | 2026-02-03 | 6.5 Medium |
| Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system. | ||||
| CVE-2022-50951 | 1 Smarterdroid | 1 Wifi File Transfer | 2026-02-03 | 6.4 Medium |
| WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions. | ||||
| CVE-2022-50952 | 1 Banco De Guayaquil | 1 Banco Guayaquil | 2026-02-03 | 6.4 Medium |
| Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction. | ||||
| CVE-2020-37033 | 1 Insite Software | 1 Infor Storefront B2b | 2026-02-03 | 8.2 High |
| Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information. | ||||
| CVE-2020-37034 | 1 Helloweb | 1 Helloweb | 2026-02-03 | 7.5 High |
| HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. | ||||
| CVE-2020-37035 | 1 Amitkolloldey | 1 E-learning Script | 2026-02-03 | 8.2 High |
| e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information. | ||||
| CVE-2020-37036 | 1 Mini-stream | 2 Mini-stream Rm Downloader, Rm Downloader | 2026-02-03 | 8.4 High |
| RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe. | ||||
| CVE-2020-37037 | 1 Avast | 1 Secureline | 2026-02-03 | 7.8 High |
| Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup. | ||||
| CVE-2020-37038 | 1 Codeblocks | 1 Code::blocks | 2026-02-03 | 7.5 High |
| Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash. | ||||
| CVE-2020-37039 | 1 Winfrigate | 1 Frigate 2 | 2026-02-03 | 7.5 High |
| Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash. | ||||