Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1109 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-25104 1 Prestashop 1 Prestashop 2026-04-15 4.3 Medium
A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component.
CVE-2025-25323 2026-04-15 5.5 Medium
An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-25324 2026-04-15 5.5 Medium
An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-65080 1 Lexmark 40 Cslbl, Cslbln, Csngv and 37 more 2026-04-15 N/A
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
CVE-2025-25325 2026-04-15 5.5 Medium
An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-25334 2026-04-15 5.5 Medium
An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-34393 1 Libxmljs Project 1 Libxmljs 2026-04-15 8.1 High
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
CVE-2024-3298 2026-04-15 7.8 High
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.
CVE-2024-34394 1 Marudor 1 Libxmljs2 2026-04-15 8.1 High
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
CVE-2025-62518 1 Astral 1 Tokio-tar 2026-04-15 8.1 High
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
CVE-2024-9412 1 Rockwellautomation 1 Verve Asset Manager 2026-04-15 N/A
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.
CVE-2024-6577 2026-04-15 N/A
In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.
CVE-2023-31323 1 Amd 7 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 4 more 2026-04-15 N/A
Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.
CVE-2025-58444 2026-04-15 N/A
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue.
CVE-2025-58051 1 Nextcloud 1 Tables 2026-04-15 6.5 Medium
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.
CVE-2025-55137 2026-04-15 7.4 High
LinkJoin through 882f196 mishandles lacks type checking in password reset.
CVE-2025-29867 1 Hancom 4 Hancom Office 2018, Hancom Office 2020, Hancom Office 2022 and 1 more 2026-04-15 N/A
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.
CVE-2023-31322 1 Amd 3 Radeon, Radeon Pro W7000, Radeon Rx 7000 2026-04-15 8.7 High
Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or availability.
CVE-2023-50433 2026-04-15 6.5 Medium
marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash.
CVE-2025-14559 1 Redhat 1 Build Keycloak 2026-04-15 6.5 Medium
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.