Search Results (335615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36538 | 1 Chaos-mesh | 2 Chaos-mesh, Chaos Mesh | 2025-10-14 | 8.8 High |
| Insecure permissions in chaos-mesh v2.6.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2025-46102 | 1 Beakon | 1 Learning Management System Sharable Content Object Reference Model | 2025-10-14 | 5.4 Medium |
| Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL parameter | ||||
| CVE-2025-6227 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-14 | 2.2 Low |
| Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API. | ||||
| CVE-2025-46001 | 1 Simogeo | 1 Filemanager | 2025-10-14 | 9.8 Critical |
| An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-46002 | 1 Simogeo | 1 Filemanager | 2025-10-14 | 6.5 Medium |
| An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. | ||||
| CVE-2025-46000 | 1 Simogeo | 1 Filemanager | 2025-10-14 | 6.5 Medium |
| An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | ||||
| CVE-2024-9286 | 1 Trtek Software | 1 Distant Education Platform | 2025-10-14 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11. | ||||
| CVE-2025-53959 | 1 Jetbrains | 1 Youtrack | 2025-10-14 | 7.6 High |
| In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | ||||
| CVE-2025-59422 | 1 Langgenius | 1 Dify | 2025-10-14 | 3.1 Low |
| Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins' and probably other users' chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0. | ||||
| CVE-2025-46099 | 1 Pluck-cms | 1 Pluck | 2025-10-14 | 7.1 High |
| In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter. | ||||
| CVE-2025-45960 | 1 Tawk | 1 Tawk.to | 2025-10-14 | 6.1 Medium |
| Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code because the web application stores and displays user-supplied input without proper input validation or encoding. | ||||
| CVE-2025-46018 | 1 Cscsw | 1 Pay Mobile | 2025-10-14 | 5.4 Medium |
| CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss. | ||||
| CVE-2024-7015 | 1 Profelis | 1 Passbox | 2025-10-14 | 9.8 Critical |
| Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | ||||
| CVE-2024-6406 | | | 2025-10-14 | N/A |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0. | ||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2025-10-14 | 7.5 High |
| Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | ||||
| CVE-2024-4658 | 1 Te Informatics | 1 Nova Cms | 2025-10-14 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0. | ||||
| CVE-2024-4428 | 1 Menulux | 2 Management Portal, Managment Portal | 2025-10-14 | 9.8 Critical |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024. | ||||
| CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2025-10-14 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928. | ||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2025-10-14 | 7.5 High |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | ||||
| CVE-2024-1744 | 2 Accordors, Ariva Computer | 2 Accord Ors, Accord Ors | 2025-10-14 | 7.5 High |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1. | ||||