Export limit exceeded: 24565 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24565 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7216 | 1 Lty628 | 1 Aidigu | 2025-07-13 | 7.3 High |
| A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-27827 | 1 Mitel | 1 Micontact Center Business | 2025-07-13 | 7.1 High |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session. | ||||
| CVE-2025-6563 | 1 Mikrotik | 1 Routeros | 2025-07-13 | N/A |
| A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker's account) and triggers the payload. | ||||
| CVE-2025-6386 | 1 Parisneo | 1 Lollms | 2025-07-13 | N/A |
| The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters. | ||||
| CVE-2025-7378 | 1 Asustor | 1 Adm | 2025-07-13 | N/A |
| An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1. | ||||
| CVE-2023-27630 | 2 Peepso, Wordpress | 2 Community By Peepso, Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0. | ||||
| CVE-2023-47639 | 1 Api-platform | 1 Core | 2025-07-13 | 5.3 Medium |
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | ||||
| CVE-2024-52280 | 1 Suse | 1 Rancher | 2025-07-13 | 7.7 High |
| A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b. | ||||
| CVE-2024-30263 | 1 Xwikisas | 1 Macro Pdfviewer | 2025-07-13 | 7.7 High |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1. | ||||
| CVE-2024-12159 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack. | ||||
| CVE-2024-32726 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | ||||
| CVE-2024-56300 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPSpins Post/Page Copying Tool allows Retrieve Embedded Sensitive Data.This issue affects Post/Page Copying Tool: from n/a through 2.0.0. | ||||
| CVE-2024-32672 | 1 Samsung Open Source | 1 Escargot | 2025-07-13 | 5.3 Medium |
| A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. | ||||
| CVE-2024-34382 | 2 Robosoft, Wordpress | 2 Robo Gallery, Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | ||||
| CVE-2024-7646 | 1 Kubernetes | 1 Ingress-nginx | 2025-07-13 | 8.8 High |
| A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2024-53243 | 1 Splunk | 2 Splunk Enterprise, Splunk Secure Gateway | 2025-07-13 | 4.3 Medium |
| In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | ||||
| CVE-2024-31207 | 1 Vitejs | 1 Vite | 2025-07-13 | 5.9 Medium |
| Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18. | ||||
| CVE-2023-47818 | 1 Lws | 1 Lws Hide Login | 2025-07-13 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8. | ||||
| CVE-2024-20318 | 1 Cisco | 1 Ios Xr Software | 2025-07-13 | 7.4 High |
| A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition. | ||||
| CVE-2023-48335 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9. | ||||