Export limit exceeded: 335291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7697 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43019 | 1 Opencats | 1 Opencats | 2025-09-24 | 9.8 Critical |
| OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. | ||||
| CVE-2025-22480 | 1 Dell | 1 Supportassist Os Recovery | 2025-09-24 | 7 High |
| Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges. | ||||
| CVE-2025-54376 | 2 Hoverfly, Spectolabs | 2 Hoverfly, Hoverfly | 2025-09-24 | 7.5 High |
| Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue. | ||||
| CVE-2025-36082 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-09-24 | 4 Medium |
| IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system. | ||||
| CVE-2025-51818 | 1 Chshcms | 1 Mccms | 2025-09-24 | 5.4 Medium |
| MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands | ||||
| CVE-2025-59713 | 1 Snipeitapp | 1 Snipe-it | 2025-09-23 | 6.8 Medium |
| Snipe-IT before 8.1.18 allows unsafe deserialization. | ||||
| CVE-2025-58662 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2025-09-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection. This issue affects Awesome Support: from n/a through 6.3.4. | ||||
| CVE-2025-53465 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection. This issue affects GSheets Connector: from n/a through 1.1.1. | ||||
| CVE-2025-57919 | 2 Conveythis, Wordpress | 2 Language Translate Widget For Wordpress Conveythis, Wordpress | 2025-09-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264. | ||||
| CVE-2025-25266 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-09-23 | 6.8 Medium |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files. | ||||
| CVE-2025-25267 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-09-23 | 6.2 Medium |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system. | ||||
| CVE-2025-4090 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-09-23 | 5.3 Medium |
| A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2024-53691 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | 8.8 High |
| A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later | ||||
| CVE-2024-11145 | 2 Valor Apps, Valorapps | 2 Easy Folder Listing Pro, Easy Folder Listing Pro | 2025-09-23 | 9.8 Critical |
| Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5. | ||||
| CVE-2021-47447 | 1 Linux | 1 Linux Kernel | 2025-09-22 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/msm/a3xx: fix error handling in a3xx_gpu_init() These error paths returned 1 on failure, instead of a negative error code. This would lead to an Oops in the caller. A second problem is that the check for "if (ret != -ENODATA)" did not work because "ret" was set to 1. | ||||
| CVE-2024-9014 | 2 Pgadmin, Postgresql | 2 Pgadmin 4, Pgadmin 4 | 2025-09-22 | 9.9 Critical |
| pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. | ||||
| CVE-2024-54135 | 2 Clipbucket, Oxygenz | 2 Clickbucket, Clipbucket | 2025-09-22 | 9.8 Critical |
| ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | ||||
| CVE-2024-54136 | 2 Clipbucket, Oxygenz | 2 Clickbucket, Clipbucket | 2025-09-22 | 9.8 Critical |
| ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | ||||
| CVE-2024-49359 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2025-09-22 | 7.5 High |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on the server. By manipulating the path parameter, attackers can access sensitive system directories such as `/etc`, potentially exposing critical configuration files and increasing the risk of further attacks. As of time of publication, no known patched versions are available. | ||||
| CVE-2025-54640 | 1 Huawei | 1 Harmonyos | 2025-09-20 | 5.5 Medium |
| ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions. | ||||