Export limit exceeded: 341484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11153 | 1 Mozilla | 1 Firefox | 2025-10-30 | 7.5 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3. | ||||
| CVE-2025-21874 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors, which should be done only if the journal is configured. Otherwise, a simple table query (dmsetup table) can cause OOPS. This bug did not show on some systems, perhaps only due to compiler optimization. On my 32-bit testing machine, this reliably crashes with the following: : Oops: divide error: 0000 [#1] PREEMPT SMP : CPU: 0 UID: 0 PID: 2450 Comm: dmsetup Not tainted 6.14.0-rc2+ #959 : EIP: dm_integrity_status+0x2f8/0xab0 [dm_integrity] ... | ||||
| CVE-2025-10290 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.5 Medium |
| Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0. | ||||
| CVE-2025-9186 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | ||||
| CVE-2025-55031 | 2 Apple, Mozilla | 5 Ios, Firefox, Firefox Focus and 2 more | 2025-10-30 | 9.8 Critical |
| Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142. | ||||
| CVE-2025-55033 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-55032 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-9183 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-10-30 | 6.5 Medium |
| Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2. | ||||
| CVE-2024-43573 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-30 | 6.5 Medium |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-43556 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-30 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2024-43572 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-30 | 7.8 High |
| Microsoft Management Console Remote Code Execution Vulnerability | ||||
| CVE-2025-40014 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() | ||||
| CVE-2025-21876 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit <d74169ceb0d2> ("iommu/vt-d: Allocate DMAR fault interrupts locally") moved the call to enable_drhd_fault_handling() to a code path that does not hold any lock while traversing the drhd list. Fix it by ensuring the dmar_global_lock lock is held when traversing the drhd list. Without this fix, the following warning is triggered: ============================= WARNING: suspicious RCU usage 6.14.0-rc3 #55 Not tainted ----------------------------- drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 1 2 locks held by cpuhp/1/23: #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0 #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0 stack backtrace: CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55 Call Trace: <TASK> dump_stack_lvl+0xb7/0xd0 lockdep_rcu_suspicious+0x159/0x1f0 ? __pfx_enable_drhd_fault_handling+0x10/0x10 enable_drhd_fault_handling+0x151/0x180 cpuhp_invoke_callback+0x1df/0x990 cpuhp_thread_fun+0x1ea/0x2c0 smpboot_thread_fn+0x1f5/0x2e0 ? __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x12a/0x2d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x4a/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Holding the lock in enable_drhd_fault_handling() triggers a lockdep splat about a possible deadlock between dmar_global_lock and cpu_hotplug_lock. This is avoided by not holding dmar_global_lock when calling iommu_device_register(), which initiates the device probe process. | ||||
| CVE-2025-30475 | 1 Dell | 2 Insightiq, Powerscale Insightiq | 2025-10-30 | 8.1 High |
| Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges. | ||||
| CVE-2025-30476 | 1 Dell | 2 Insightiq, Powerscale Insightiq | 2025-10-30 | 5.3 Medium |
| Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-42190 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | 6.5 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | ||||
| CVE-2024-42191 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | 6.5 Medium |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | ||||
| CVE-2021-38406 | 1 Deltaww | 1 Dopsoft | 2025-10-30 | 7.8 High |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2025-1316 | 1 Edimax | 2 Ic-7100, Ic-7100 Firmware | 2025-10-30 | 9.8 Critical |
| Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device | ||||
| CVE-2025-0994 | 1 Trimble | 1 Cityworks | 2025-10-30 | 8.8 High |
| Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. | ||||