Export limit exceeded: 357821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1052 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37296 | 2026-04-15 | 5.3 Medium | ||
| The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | ||||
| CVE-2025-25329 | 2026-04-15 | 5.5 Medium | ||
| An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2023-50433 | 2026-04-15 | 6.5 Medium | ||
| marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash. | ||||
| CVE-2025-25324 | 2026-04-15 | 5.5 Medium | ||
| An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-25330 | 2026-04-15 | 5.5 Medium | ||
| An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-6577 | 2026-04-15 | N/A | ||
| In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data. | ||||
| CVE-2024-11344 | 2026-04-15 | 7.3 High | ||
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2024-58253 | 2026-04-15 | 2.9 Low | ||
| In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value. | ||||
| CVE-2025-29867 | 1 Hancom | 4 Hancom Office 2018, Hancom Office 2020, Hancom Office 2022 and 1 more | 2026-04-15 | N/A |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050. | ||||
| CVE-2024-12543 | 2026-04-15 | N/A | ||
| User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes. | ||||
| CVE-2024-1848 | 2026-04-15 | 7.8 High | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | ||||
| CVE-2025-25326 | 2026-04-15 | 5.5 Medium | ||
| An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-25334 | 2026-04-15 | 5.5 Medium | ||
| An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-25331 | 2026-04-15 | 5.5 Medium | ||
| An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-25323 | 2026-04-15 | 5.5 Medium | ||
| An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-34394 | 1 Marudor | 1 Libxmljs2 | 2026-04-15 | 8.1 High |
| libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. | ||||
| CVE-2025-62518 | 1 Astral | 1 Tokio-tar | 2026-04-15 | 8.1 High |
| astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds. | ||||
| CVE-2024-34393 | 1 Libxmljs Project | 1 Libxmljs | 2026-04-15 | 8.1 High |
| libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). | ||||
| CVE-2025-65080 | 1 Lexmark | 40 Cslbl, Cslbln, Csngv and 37 more | 2026-04-15 | N/A |
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. | ||||
| CVE-2024-43357 | 1 Ecma International | 1 Ecma262 | 2026-04-15 | 8.6 High |
| ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants. The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section. ## References - https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727 - https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 - https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq - https://bugs.webkit.org/show_bug.cgi?id=275407 - https://issues.chromium.org/issues/346692561 - https://www.cve.org/CVERecord?id=CVE-2024-7652 | ||||