Export limit exceeded: 336322 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62699 | 1 Mediawiki | 2 Checkuser, Mediawiki | 2025-10-21 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent making these edits un-auditable via the CheckUser tool.This issue affects Mediawiki - Translate Extension: from master before 1.39. | ||||
| CVE-2025-62694 | 1 Mediawiki | 1 Mediawiki | 2025-10-21 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39. | ||||
| CVE-2025-61045 | 1 Totolink | 2 X18, X18 Firmware | 2025-10-21 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function. | ||||
| CVE-2025-56514 | 1 Suisuijiang | 1 Fiora | 2025-10-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users. | ||||
| CVE-2025-36632 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-21 | 7.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | ||||
| CVE-2025-46158 | 1 Redox-os | 1 Redox | 2025-10-21 | 6.2 Medium |
| An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall | ||||
| CVE-2025-10556 | 2 3ds, Dassault | 2 3dexperience Enovia, Enovia Specification Manager | 2025-10-21 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-9337 | 1 Asus | 1 Armoury Crate | 2025-10-21 | N/A |
| A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-6919 | 2025-10-21 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: before Version dated 06.10.2025. | ||||
| CVE-2025-9902 | 2025-10-21 | 7.5 High | ||
| Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025. | ||||
| CVE-2025-55078 | 1 Eclipse | 1 Threadx | 2025-10-21 | 5.5 Medium |
| In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region. | ||||
| CVE-2025-54889 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-21 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | ||||
| CVE-2025-54891 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-21 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | ||||
| CVE-2025-59483 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2025-10-21 | 6.5 Medium |
| A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-8414 | 1 Silabs | 2 Gecko Sdk, Simplicity Sdk | 2025-10-21 | N/A |
| Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability. | ||||
| CVE-2025-6950 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2025-10-21 | N/A |
| An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2025-6949 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2025-10-21 | N/A |
| An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2025-6894 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2025-10-21 | N/A |
| An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems. | ||||
| CVE-2025-6893 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2025-10-21 | N/A |
| An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to call the API without the required permissions, thereby gaining the ability to access or modify system configuration data. Successful exploitation may lead to privilege escalation, allowing the attacker to access or modify sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2025-6892 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2025-10-21 | N/A |
| An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. | ||||