Search Results (337224 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-54547 | 1 Arista | 1 Danz Monitoring Fabric | 2025-10-30 | 5.3 Medium | On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g. scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired. |
| CVE-2025-54546 | 1 Arista | 1 Danz Monitoring Fabric | 2025-10-30 | 7.5 High | On affected platforms, restricted users could use SSH port forwarding to access host-internal services. |
| CVE-2025-54545 | 1 Arista | 1 Danz Monitoring Fabric | 2025-10-30 | 7.8 High | On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges. |
| CVE-2025-52264 | 1 Starcharge | 1 Artemis | 2025-10-30 | 8 High | StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a stack overflow via the cgiMain function at download.cgi. |
| CVE-2025-22052 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 5.5 Medium | In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in ni_usb. If the usb dongle is disconnected, subsequent calls to the driver cause a NULL dereference Oops, as the bus_interface is set to NULL on disconnect. This problem was introduced by setting usb_dev from the bus_interface for dev_xxx messages. Previously bus_interface was checked for NULL only in the functions directly calling usb_fill_bulk_urb or usb_control_msg. Check for a valid bus_interface on all interface entry points and return -ENODEV if it is NULL. |
| CVE-2025-22051 | 1 Linux | 1 Linux Kernel | 2025-10-30 | 5.5 Medium | In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops after disconnect in agilent usb. If the agilent usb dongle is disconnected, subsequent calls to the driver cause a NULL dereference Oops, as the bus_interface is set to NULL on disconnect. This problem was introduced by setting usb_dev from the bus_interface for dev_xxx messages. Previously bus_interface was checked for NULL only in the functions directly calling usb_fill_bulk_urb or usb_control_msg. Check for a valid bus_interface on all interface entry points and return -ENODEV if it is NULL. |
| CVE-2025-61385 | 1 Tlocke | 1 Pg8000 | 2025-10-30 | 9.6 Critical | SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to the function pg8000.native.literal. |
| CVE-2025-61247 | 1 Indieka900 | 1 Online-shopping-system-php | 2025-10-30 | 8.2 High | indieka900 online-shopping-system-php 1.0 is vulnerable to SQL injection in the password parameter of login.php. |
| CVE-2025-60982 | 1 Educare | 1 Educare Erp | 2025-10-30 | 5.4 Medium | IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization. |
| CVE-2025-60791 | 1 Easywork | 1 Easywork | 2025-10-30 | 6.2 Medium | Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or by analyzing a process/memory dump, and they can then be used to activate the software on the same machine without purchasing. |
| CVE-2025-60291 | 1 Etimetracklite | 1 Etimetracklite | 2025-10-30 | 9.1 Critical | An issue was discovered in eTimeTrackLite Web through 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations. |
| CVE-2025-52263 | 1 Starcharge | 1 Artemis | 2025-10-30 | 8 High | An issue in the Web Configuration module of StarCharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution. |
| CVE-2025-34292 | 1 Bewelcome | 1 Rox | 2025-10-30 | N/A | Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter `formkit_memory_recovery` in \\RoxPostHandler::getCallbackAction and the 'memory cookie' read by \\RoxModelBase::getMemoryCookie (bwRemember). (1) If present, `formkit_memory_recovery` is processed and passed to unserialize(), and (2) the restore-from-memory functionality calls unserialize() on the bwRemember cookie value. Gadget chains present in Rox and bundled libraries enable exploitation of object injection to write arbitrary files or achieve remote code execution. Successful exploitation can lead to full site compromise. This vulnerability was remediated with commit c60bf04 (2025-06-16). |
| CVE-2025-34133 | 1 Wimi Teamwork | 1 Wimi Teamwork | 2025-10-30 | N/A | Wimi Teamwork versions prior to 7.38.17 contain a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field's value; only the presence of the field is checked. An attacker can craft a cross-site request that causes a logged-in victim's browser to submit a JSON POST containing an arbitrary or empty 'csrf_token', and the API will execute the request with the victim's privileges. Successful exploitation can allow an attacker to perform privileged actions as the victim, potentially resulting in account takeover, privilege escalation, or service disruption. |
| CVE-2025-26862 | 1 Pingidentity | 1 Pingfederate | 2025-10-30 | N/A | Unexpected authentication form rendering in the HTML Form Adapter, using only the non-default redirectless mode in PingFederate, allows authentication attempts which may enable brute force login attacks. |
| CVE-2025-12351 | 1 Honeywell | 1 S35 Camera | 2025-10-30 | 6.8 Medium | Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin-privileged functionalities. Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26). |
| CVE-2025-12290 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium | A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-12289 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium | A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-37749 | 1 Hubspot | 1 Hubspot | 2025-10-30 | 5.3 Medium | Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization. |
| CVE-2025-61482 | 2 Google, Privacyidea | 2 Android, Privacyidea | 2025-10-30 | 7.2 High | Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two-factor authentication. By hooking into app crypto routines and intercepting decryption paths, an attacker can recover plaintext secrets, enabling generation of valid one-time passwords and bypassing authentication for enrolled accounts. |