Search Results (335529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25652 | 2 Delinea, Delinea Pam | 2 Secret Server, Secret Server | 2025-10-10 | 7.6 High |
| In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality. | ||||
| CVE-2025-60298 | 2 Novel-plus, Xxyopen | 2 Novel-plus, Novel-plus | 2025-10-10 | 5.4 Medium |
| Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter. | ||||
| CVE-2025-60299 | 2 Novel-plus, Xxyopen | 2 Novel-plus, Novel-plus | 2025-10-10 | 5.4 Medium |
| Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database and is executed in other users’ browsers when they view the affected comment thread. | ||||
| CVE-2025-60314 | 1 Configuroweb | 2 Simple Web Inventory System, Sistema Web De Inventario | 2025-10-10 | 5.4 Medium |
| Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript. | ||||
| CVE-2025-60828 | 2 5kcrm, Wukongopensource | 2 Wukongcrm, Wukongcrm | 2025-10-10 | 6.5 Medium |
| WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface. | ||||
| CVE-2024-6679 | 1 Witmy | 1 My-springsecurity-plus | 2025-10-10 | 6.3 Medium |
| A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271152. | ||||
| CVE-2025-60830 | 2 Redragon, Redragon-erp | 2 Erp, Redragon-erp | 2025-10-10 | 6.5 Medium |
| redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key. | ||||
| CVE-2025-60833 | 2 Ghostxbh, Uzy | 2 Uzy-ssm-mall, Ssm Mall | 2025-10-10 | 6.5 Medium |
| An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data. | ||||
| CVE-2025-60834 | 2 Ghostxbh, Uzy | 2 Uzy-ssm-mall, Ssm Mall | 2025-10-10 | 6.5 Medium |
| A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input. | ||||
| CVE-2022-50502 | 1 Linux | 1 Linux Kernel | 2025-10-10 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-50487 | 1 Linux | 1 Linux Kernel | 2025-10-10 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-50455 | 1 Linux | 1 Linux Kernel | 2025-10-10 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-50338 | 1 Linux | 1 Linux Kernel | 2025-10-10 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-60312 | 2 Rems, Sourcecodester | 2 Markdown To Html Converter, Markdown To Html Converter | 2025-10-10 | 6.1 Medium |
| Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button. | ||||
| CVE-2025-60969 | 2 Endrun, Endruntechnologies | 3 Sonoma D12 Network Time Server, Sonoma D12, Sonoma D12 Firmware | 2025-10-10 | 5.7 Medium |
| Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | ||||
| CVE-2025-60967 | 2 Endrun, Endruntechnologies | 3 Sonoma D12 Network Time Server, Sonoma D12, Sonoma D12 Firmware | 2025-10-10 | 7.3 High |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | ||||
| CVE-2025-60965 | 2 Endrun, Endruntechnologies | 3 Sonoma D12 Network Time Server, Sonoma D12, Sonoma D12 Firmware | 2025-10-10 | 9.1 Critical |
| OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts. | ||||
| CVE-2025-60964 | 2 Endrun, Endruntechnologies | 3 Sonoma D12 Network Time Server, Sonoma D12, Sonoma D12 Firmware | 2025-10-10 | 9.1 Critical |
| OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts. | ||||
| CVE-2024-6680 | 1 Witmy | 1 My-springsecurity-plus | 2025-10-10 | 6.3 Medium |
| A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271153 was assigned to this vulnerability. | ||||
| CVE-2024-6681 | 1 Witmy | 1 My-springsecurity-plus | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271154 is the identifier assigned to this vulnerability. | ||||