Search Results (215 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13951 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 7.6 High
One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2025-13824 1 Rockwellautomation 3 Micro820, Micro850, Micro870 2026-04-15 N/A
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault.
CVE-2025-26486 2026-04-15 6 Medium
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.
CVE-2025-11015 1 Ogrecave 1 Ogre 2026-04-15 5.3 Medium
A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited.
CVE-2025-25215 2026-04-15 8.8 High
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
CVE-2024-2955 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2026-04-08 7.8 High
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
CVE-2024-4853 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2026-03-27 3.6 Low
Memory handling issue in editcap could cause denial of service via crafted capture file
CVE-2025-9290 1 Tp-link 114 Beam Bridge 5 Ur, Beam Bridge 5 Ur Firmware, Dr3220v-4g and 111 more 2026-03-16 5.9 Medium
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.
CVE-2025-6558 5 Apple, Debian, Google and 2 more 10 Ipados, Iphone Os, Macos and 7 more 2026-02-26 8.8 High
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2025-47329 2 Google, Qualcomm 78 Android, Fastconnect 7800, Fastconnect 7800 Firmware and 75 more 2026-02-26 7.8 High
Memory corruption while handling invalid inputs in application info setup.
CVE-2025-13042 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-14765 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-02-26 8.8 High
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-14233 1 Canon 53 1238i Ii, 1238if Ii, 1238p Ii and 50 more 2026-02-26 9.8 Critical
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
CVE-2024-38881 1 Horizoncloud 1 Caterease 2026-02-24 7.5 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
CVE-2024-49602 1 Dell 1 Powerscale Onefs 2026-02-20 6.5 Medium
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2025-30379 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-02-13 7.8 High
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-47737 1 Unhandledexpression 1 Trailer 2026-01-30 2.9 Low
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
CVE-2025-48755 1 Blyssprivacy 1 Spiral-rs 2026-01-30 2.9 Low
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).
CVE-2025-48768 1 Apache 1 Nuttx 2026-01-06 5.3 Medium
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service. This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0. Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
CVE-2024-47658 1 Linux 1 Linux Kernel 2026-01-05 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process.