Vulnerabilities (CVE)

Filtered by CWE-20
Total 11366 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-27151 2025-05-29 N/A 4.7 MEDIUM
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
CVE-2025-33043 2025-05-29 N/A 5.8 MEDIUM
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
CVE-2022-37395 1 Huawei 2 Cv81-wdm Fw, Cv81-wdm Fw Firmware 2025-05-28 N/A 7.5 HIGH
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.
CVE-2025-5148 2025-05-28 4.3 MEDIUM 5.3 MEDIUM
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.
CVE-2025-31215 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2025-05-28 N/A 6.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31217 1 Apple 7 Ipados, Iphone Os, Macos and 4 more 2025-05-27 N/A 6.5 MEDIUM
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-31233 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-05-27 N/A 6.3 MEDIUM
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
CVE-2025-31240 1 Apple 1 Macos 2025-05-27 N/A 7.5 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
CVE-2025-31259 1 Apple 1 Macos 2025-05-27 N/A 7.8 HIGH
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
CVE-2024-29461 1 Projectfloodlight 1 Open Sdn Controller 2025-05-27 N/A 6.3 MEDIUM
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
CVE-2023-48425 1 Google 2 Chromecast, Chromecast Firmware 2025-05-27 N/A 9.8 CRITICAL
U-Boot vulnerability resulting in persistent Code Execution 
CVE-2025-24274 1 Apple 1 Macos 2025-05-27 N/A 7.8 HIGH
An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.
CVE-2025-30442 1 Apple 1 Macos 2025-05-27 N/A 7.8 HIGH
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges.
CVE-2025-31208 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-05-27 N/A 7.5 HIGH
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
CVE-2017-7957 3 Debian, Redhat, Xstream 4 Debian Linux, Fuse, Jboss Middleware and 1 more 2025-05-23 5.0 MEDIUM 7.5 HIGH
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
CVE-2025-3885 2025-05-23 N/A 5.3 MEDIUM
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.
CVE-2024-25010 2025-05-23 N/A 8.8 HIGH
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.
CVE-2025-41378 2025-05-23 N/A N/A
The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
CVE-2025-5114 2025-05-23 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-41377 2025-05-23 N/A N/A
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.