Latest CVE Feed
-
7.8
HIGH CVE-2024-23129
A maliciously crafted MODEL, 3DM, STP, or SLDASM file, when parsed in opennurbs.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can l...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23128
A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can ...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23127
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensiti...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23126
A maliciously crafted CATPART file, when parsed in CC5Dll.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23125
A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in th...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23124
A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23123
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execu...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23122
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in ...
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23121
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code i...
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +2 more products
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-23120
A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corrup...
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +2 more products
- Published: Feb. 22, 2024
- Modified: Aug. 26, 2025
-
7.8
HIGH CVE-2024-22029
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root...
Affected Products :
- Published: Oct. 16, 2024
- Modified: Aug. 26, 2025
-
8.8
HIGH CVE-2024-21976
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution....
Affected Products : ryzen_ai_software
- Published: Nov. 12, 2024
- Modified: Aug. 26, 2025
-
9.8
CRITICAL CVE-2024-21546
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code....
Affected Products : laravel-filemanager
- Published: Dec. 18, 2024
- Modified: Aug. 26, 2025
-
5.1
MEDIUM CVE-2024-20853
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore....
Affected Products :
- Published: Apr. 02, 2024
- Modified: Aug. 26, 2025
-
6.5
MEDIUM CVE-2024-20345
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-s...
- Published: Mar. 06, 2024
- Modified: Aug. 26, 2025
-
5.5
MEDIUM CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to ...
Affected Products : identity_services_engine
- Published: Apr. 03, 2024
- Modified: Aug. 26, 2025
-
7.4
HIGH CVE-2024-20312
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. Thi...
- Published: Mar. 27, 2024
- Modified: Aug. 26, 2025
-
7.1
HIGH CVE-2024-1714
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request....
Affected Products : identityiq
- Published: Feb. 21, 2024
- Modified: Aug. 26, 2025
-
5.3
MEDIUM CVE-2024-1587
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and p...
Affected Products : newsmatic
- Published: Apr. 09, 2024
- Modified: Aug. 26, 2025
-
9.0
HIGH CVE-2024-13129
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command i...
Affected Products :
- Published: Jan. 03, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Injection