Search Results (336544 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62659 | 1 Mediawiki | 2 Cookieconsent, Mediawiki | 2025-10-23 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0. | ||||
| CVE-2025-62606 | 1 My Little Forum | 1 My Little Forum | 2025-10-23 | 8.8 High |
| my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12. | ||||
| CVE-2025-62611 | 1 Aio-libs | 1 Aiomysql | 2025-10-23 | N/A |
| aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to the MySQL server, which allows a rogue server to obtain arbitrary files from the client. It is possible to create a rogue MySQL server that emulates authorization, ignores client flags and requests arbitrary files from the client by sending a LOAD_LOCAL instruction packet. This issue has been patched in version 0.3.0. | ||||
| CVE-2025-24934 | 1 Freebsd | 1 Freebsd | 2025-10-23 | 5.4 Medium |
| Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect(2) and implied connect via sendto(2), and may leave the application vulnerable to spoofing attacks. The kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will match a socket belonging to a load-balancing group even if it is connected, in violation of the contract that connected sockets are only supposed to receive packets originating from the connected host. | ||||
| CVE-2025-62812 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62811 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62810 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62809 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62808 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62807 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62806 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62805 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2025-62804 | | | 2025-10-23 | N/A |
| Not used | ||||
| CVE-2023-52892 | 1 Phpseclib | 1 Phpseclib | 2025-10-22 | 7.5 High |
| In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification. | ||||
| CVE-2025-11945 | 1 Toeverything | 1 Affine | 2025-10-22 | 3.5 Low |
| A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6424 | 1 Mesbook | 1 Mesbook | 2025-10-22 | 9.3 Critical |
| External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources. | ||||
| CVE-2024-6425 | 1 Mesbook | 1 Mesbook | 2025-10-22 | 9.1 Critical |
| Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>". | ||||
| CVE-2024-3232 | 1 Tenable | 1 Identity Exposure | 2025-10-22 | 7.6 High |
| A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232 | ||||
| CVE-2024-6436 | 1 Rockwellautomation | 1 Sequencemanager | 2025-10-22 | 6.5 Medium |
| An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted. | ||||
| CVE-2024-9097 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-22 | 3.5 Low |
| ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to an IDOR vulnerability that allows the attacker to change the username in the chat. | ||||