Search

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-10156 unknown 9mo ago Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
CVE-2025-43785 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
CVE-2025-10157 unknown 9mo ago Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
CVE-2025-43786 unknown 9mo ago Liferay Portal exposes ERC which can lead to exploit the time response attack
CVE-2025-43781 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through its search bar portlet
CVE-2025-43775 unknown 9mo ago Liferay Portal is vulnerable to XSS attacks via its remote app title field
CVE-2025-58757 unknown 9mo ago Monai: Unsafe use of Pickle deserialization may lead to RCE
CVE-2025-58756 unknown 9mo ago MONAI: Unsafe torch usage may lead to arbitrary code execution
CVE-2025-58755 unknown 9mo ago MONAI does not prevent path traversal, potentially leading to arbitrary file writes
CVE-2024-43115 unknown 9mo ago Apache DolphinScheduler vulnerable to Alert Script Attack
CVE-2025-43776 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
CVE-2025-43778 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin
CVE-2025-43777 unknown 9mo ago Liferay Portal exposes 500 status when attempting login with a deleted client secret
CVE-2025-43774 unknown 9mo ago Liferay Portal is vulnerable to XSS attack through its Style Book theme
CVE-2025-43763 unknown 9mo ago Liferay Portal is vulnerable to SSRF through custom object attachment fields
CVE-2025-58365 unknown 9mo ago XWiki Blog Application: Privilege Escalation (PR) from account through blog content
CVE-2025-57833 unknown FIX sles debian debian 9mo ago Django is subject to SQL injection through its column aliases
CVE-2025-58782 unknown debian debian 9mo ago Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
CVE-2025-10080 low 3.1 3.1 9mo ago A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil…
CVE-2025-58369 unknown 9mo ago FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
CVE-2025-57807 unknown FIX debian debian sles 9mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing …
CVE-2025-10014 low 3.1 3.1 eladmin 9mo ago A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the …
CVE-2025-58056 unknown FIX debian debian 9mo ago Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
CVE-2025-9467 unknown 9mo ago Vaadin Framework possible file bypass via upload validation on the server-side
CVE-2025-43772 unknown 9mo ago Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin
CVE-2025-53690 unknown 1.5 KEV 9mo ago Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine …
CVE-2025-48543 unknown 1.5 KEV 9mo ago Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
CVE-2025-58057 unknown FIX sles debian debian 9mo ago Netty's decoders vulnerable to DoS via zip bomb style attack
CVE-2025-55748 unknown 9mo ago XWiki configuration files can be accessed through jsx and sx endpoints
CVE-2025-58460 unknown 9mo ago Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials
CVE-2025-58459 unknown 9mo ago Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
CVE-2025-58458 unknown 9mo ago Jenkins Git client Plugin file system information disclosure vulnerability
CVE-2024-43166 unknown 9mo ago Apache DolphinScheduler Incorrect Default Permissions Vulnerability
CVE-2025-7039 low 3.7 3.7 FIX debian debian sles 9mo ago A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temp…
CVE-2025-9377 unknown 1.5 KEV 9mo ago TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-servi…
CVE-2023-50224 unknown 1.5 KEV 9mo ago TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The imp…
CVE-2025-9784 unknown FIX debian debian 9mo ago Undertow MadeYouReset HTTP/2 DDoS Vulnerability
CVE-2025-46047 unknown 9mo ago Silverpeas Core Username Enumeration Vulnerability
CVE-2025-55177 unknown 1.5 KEV 9mo ago Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated use…
CVE-2020-24363 unknown 2.5 KEV EXP 9mo ago TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST …
CVE-2025-9797 low 2.4 2.4 9mo ago A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product …
CVE-2025-43773 unknown 9mo ago Liferay Portal allows improper access through the expandoTableLocalService
CVE-2025-55202 unknown 9mo ago Opencast has a partial path traversal vulnerability in UI config
CVE-2025-57819 unknown 2.5 KEV EXP 9mo ago Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database…
CVE-2025-9591 low 2.4 2.4 9mo ago A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipul…
CVE-2025-9590 low 3.5 3.5 9mo ago A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads …
CVE-2025-9589 low 2.5 2.5 9mo ago A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack …
CVE-2025-58059 unknown 9mo ago Valtimo scripting engine can be used to gain access to sensitive data or resources
CVE-2025-58049 unknown 9mo ago XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
CVE-2025-57803 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the…
CVE-2025-55298 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in Interpr…
CVE-2025-55212 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to mont…
CVE-2025-7775 unknown 1.5 KEV 10mo ago Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
CVE-2025-9416 low 2.4 2.4 10mo ago A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results i…
CVE-2025-55160 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay t…
CVE-2025-55154 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/p…
CVE-2025-55004 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of …
CVE-2025-68469 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fix…
CVE-2025-53019 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multipl…
CVE-2025-53014 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` func…
CVE-2025-53101 unknown FIX debian debian sles 10mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multip…
CVE-2025-26467 unknown 10mo ago Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
CVE-2025-9401 low 3.7 3.7 utcms_project 10mo ago A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument …
CVE-2024-8069 unknown 1.5 KEV 10mo ago Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an au…
CVE-2024-8068 unknown 1.5 KEV 10mo ago Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user …
CVE-2025-9383 low 2.5 2.5 10mo ago A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The …
CVE-2025-9381 low 1.6 1.6 10mo ago A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disc…
CVE-2025-43766 unknown 10mo ago Liferay Portal allows unrestricted upload of file in the style books component
CVE-2025-43765 unknown 10mo ago Liferay Portal stored cross-site scripting in text field of the web content structure
CVE-2025-43767 unknown 10mo ago Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect
CVE-2025-43770 unknown 10mo ago Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
CVE-2025-43769 unknown 10mo ago Liferay Portal vulnerable to Stored XSS in Components portlet
CVE-2025-43768 unknown 10mo ago Liferay Portal JSONWS API endpoint shares sensitive information
CVE-2025-43762 unknown 10mo ago Liferay Portal users can upload an unlimited amount of files
CVE-2025-43761 unknown 10mo ago Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint
CVE-2025-43759 unknown 10mo ago Liferay Portal users are able to add system admin portlets to pages
CVE-2025-43758 unknown 10mo ago Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
CVE-2025-43760 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
CVE-2025-43751 unknown 10mo ago Liferay Portal User Enumeration Vulnerability via the Create Account Page
CVE-2025-51825 unknown 10mo ago JeecgBoot SQL Injection Vulnerability
CVE-2025-9340 unknown 10mo ago Bouncy Castle for Java has Out-of-Bounds Write Vulnerability
CVE-2025-9341 unknown 10mo ago Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability
CVE-2025-43752 unknown 10mo ago Liferay Portal's Unlimited File Upload Could Result in DoS
CVE-2025-43753 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via Form Container
CVE-2025-51606 unknown 10mo ago hippo4j Includes Hard Coded Secret Key in JWT Creation
CVE-2025-43754 unknown 10mo ago Liferay Portal Username Enumeration Vulnerability
CVE-2025-43756 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
CVE-2025-43755 unknown 10mo ago Liferay Portal Stored Cross-Site Scripting Vulnerability via GroupPagesPortlet_type Parameter
CVE-2025-55743 unknown 10mo ago UnoPim vulnerable to remote code execution through Arbitrary File upload
CVE-2025-9301 low 3.3 3.3 debian debian sles 10mo ago A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable ass…
CVE-2025-43300 unknown 1.5 KEV 10mo ago Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-54988 unknown FIX debian debian ubuntu ubuntu 10mo ago Apache Tika vulnerabilities
CVE-2025-43757 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
CVE-2025-43746 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
CVE-2025-5115 unknown FIX debian debian sles 10mo ago Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability
CVE-2025-43748 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Request Forgery
CVE-2025-43750 unknown 10mo ago Liferay Portal Unvalidated File Upload
CVE-2025-43749 unknown 10mo ago Liferay Portal Unauthenticated File Access via URL
CVE-2025-43742 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting through URLs
CVE-2025-43741 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter