Export limit exceeded: 34581 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7702 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36050 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-08-26 | 6.2 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-8227 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-26 | 6.3 Medium |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component. | ||||
| CVE-2024-31415 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2025-08-26 | 6.3 Medium |
| The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | ||||
| CVE-2025-3456 | 1 Arista | 1 Eos | 2025-08-26 | 3.8 Low |
| On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships. | ||||
| CVE-2025-54923 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2025-08-25 | N/A |
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization. | ||||
| CVE-2025-8997 | 1 Opentext | 1 Enterprise Security Manager | 2025-08-25 | N/A |
| An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | ||||
| CVE-2025-7426 | 1 Minova | 1 Tta | 2025-08-25 | N/A |
| Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs | ||||
| CVE-2025-2092 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 7.5 High |
| Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | ||||
| CVE-2025-8145 | 2 Querysol, Wordpress | 2 Redirection For Contact Form 7, Wordpress | 2025-08-24 | 8.8 High |
| The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in a Contact Form 7 plugin allows attackers to delete arbitrary files. Additionally, in certain server configurations, Remote Code Execution is possible | ||||
| CVE-2025-54053 | 2 Groundhogg, Wordpress | 2 Groundhogg, Wordpress | 2025-08-24 | 6.6 Medium |
| Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2. | ||||
| CVE-2025-54012 | 2 Welcart, Wordpress | 2 E-commerce, Wordpress | 2025-08-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/a through 2.11.16. | ||||
| CVE-2009-10005 | 1 Contentkeeper Technologies | 1 Contentkeeper | 2025-08-24 | N/A |
| ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot. | ||||
| CVE-2025-1334 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 4 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2024-22330 | 1 Ibm | 1 Security Verify Governance | 2025-08-24 | 5.9 Medium |
| IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2025-0923 | 1 Ibm | 1 Cognos Analytics | 2025-08-24 | 5.3 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. | ||||
| CVE-2025-1348 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. | ||||
| CVE-2025-2827 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling File Gateway, Linux Kernel and 1 more | 2025-08-24 | 4.3 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. | ||||
| CVE-2014-0752 | 1 Ecava | 1 Integraxor | 2025-08-22 | N/A |
| The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | ||||
| CVE-2025-27496 | 1 Snowflake | 1 Snowflake Jdbc | 2025-08-22 | 3.3 Low |
| Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1. | ||||
| CVE-2025-55010 | 1 Kanboard | 1 Kanboard | 2025-08-22 | 9.1 Critical |
| Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47. | ||||