Search Results (10123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52239 | 1 Magicsoftware | 1 Magic Xpi Integration Platform | 2025-06-17 | 6.5 Medium |
| The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | ||||
| CVE-2024-0944 | 1 Totolink | 2 T8, T8 Firmware | 2025-06-17 | 3.7 Low |
| A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-29858 | 1 Misp | 1 Misp | 2025-06-17 | 9.8 Critical |
| In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. | ||||
| CVE-2024-2463 | 1 Cdex | 1 Cdex | 2025-06-17 | 8.0 High |
| Weak password recovery mechanism in CDeX application allows to retrieve password reset token. This issue affects CDeX application versions through 5.7.1. | ||||
| CVE-2024-2465 | 1 Cdex | 1 Cdex | 2025-06-17 | 7.1 High |
| Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1. | ||||
| CVE-2025-24973 | 1 Nexryai | 1 Concorde | 2025-06-17 | 9.4 Critical |
| Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out. | ||||
| CVE-2023-6149 | 1 Qualys | 1 Web Application Screening | 2025-06-16 | 5.7 Medium |
| Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and potentially configure a rogue endpoint via which it was possible to control the response for certain requests, which could be injected with XXE payloads, leading to XXE while processing the response data. | ||||
| CVE-2024-25715 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2025-06-16 | 6.1 Medium |
| Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | ||||
| CVE-2024-24034 | 1 Setorinformatica | 1 S.i.l | 2025-06-16 | 6.1 Medium |
| Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code. | ||||
| CVE-2023-26999 | 1 Netscout | 1 Ngeniusone | 2025-06-16 | 9.8 Critical |
| An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | ||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2025-06-16 | 5.4 Medium |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | ||||
| CVE-2023-42445 | 2 Gradle, Redhat | 2 Gradle, Amq Streams | 2025-06-16 | 6.8 Medium |
| Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. | ||||
| CVE-2025-5501 | 1 Open5gs | 1 Open5gs | 2025-06-13 | 5.3 Medium |
| A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-36523 | 2 Wvp, Wvp-pro | 2 Gb28181 Pro, Gb28181 | 2025-06-13 | 6.5 Medium |
| An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts. | ||||
| CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-31039 | | | 2025-06-12 | 9.1 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon allows XML Entity Linking. This issue affects Category Icon: from n/a through 1.0.2. | ||||
| CVE-2025-44044 | | | 2025-06-12 | 7.5 High |
| Keyoti SearchUnit prior to 9.0.0 is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system. | ||||
| CVE-2022-26461 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2025-06-12 | 6.7 Medium |
| In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604. | ||||
| CVE-2023-7204 | 1 Wp-staging | 1 Wp Staging | 2025-06-11 | 7.5 High |
| The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides | ||||
| CVE-2023-6824 | 1 Marvinlabs | 1 Wp Customer Area | 2025-06-11 | 6.5 Medium |
| The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account addresses. | ||||