Export limit exceeded: 344880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14939 | 2 Anisha, Code-projects | 2 Online Appointment Booking System, Online Appointment Booking System | 2025-12-24 | 4.7 Medium |
| A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2025-14885 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2025-12-24 | 6.3 Medium |
| A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-5448 | 2025-12-24 | N/A | ||
| This CVE id was assigned but later discarded. | ||||
| CVE-2024-46858 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more | 2025-12-24 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf. | ||||
| CVE-2023-46308 | 1 Plotly | 1 Plotly.js | 2025-12-24 | 9.8 Critical |
| In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. | ||||
| CVE-2025-68695 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68694 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68693 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68692 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68691 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68690 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68689 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68688 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68687 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-47325 | 1 Qualcomm | 89 Csr8811, Csr8811 Firmware, Ipq8070 and 86 more | 2025-12-23 | 6.5 Medium |
| Information disclosure while processing system calls with invalid parameters. | ||||
| CVE-2025-47350 | 1 Qualcomm | 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more | 2025-12-23 | 7.8 High |
| Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | ||||
| CVE-2025-47372 | 1 Qualcomm | 47 Qam8255p, Qam8255p Firmware, Qam8620p and 44 more | 2025-12-23 | 9 Critical |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | ||||
| CVE-2024-23789 | 2 Sharp, Sharp Corporation | 5 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 2 more | 2025-12-23 | 8.8 High |
| Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | ||||
| CVE-2025-59479 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | 6.1 Medium |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product. | ||||
| CVE-2025-66357 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | N/A |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally. | ||||