Export limit exceeded: 335209 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335209 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41913 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 8.8 High |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input. | ||||
| CVE-2024-41911 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 5.4 Medium |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | ||||
| CVE-2024-41912 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 9.8 Critical |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. | ||||
| CVE-2024-41910 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 6.1 Medium |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. | ||||
| CVE-2025-45512 | 1 Denx | 1 U-boot | 2025-10-02 | 6.5 Medium |
| A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. | ||||
| CVE-2025-21024 | 2 Google, Samsung | 2 Android, Smart View | 2025-10-02 | 3.3 Low |
| Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | ||||
| CVE-2025-46659 | 1 4cstrategies | 1 Exonaut | 2025-10-02 | 7.5 High |
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request. | ||||
| CVE-2025-20033 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-02 | 4.3 Medium |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | ||||
| CVE-2025-22445 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-02 | 3.5 Low |
| Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. | ||||
| CVE-2024-54846 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium |
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2024-54847 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium |
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2024-55218 | 1 Icewarp | 2 Icewarp, Server | 2025-10-02 | 6.1 Medium |
| IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. | ||||
| CVE-2024-54848 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 7.4 High |
| Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | ||||
| CVE-2024-54849 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium |
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2025-20980 | 1 Google | 1 Android | 2025-10-02 | 4 Medium |
| Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | ||||
| CVE-2024-52979 | 1 Elastic | 1 Elasticsearch | 2025-10-02 | 6.5 Medium |
| Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash. | ||||
| CVE-2025-25016 | 1 Elastic | 1 Kibana | 2025-10-02 | 4.3 Medium |
| Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. | ||||
| CVE-2025-26260 | 1 Plenti | 1 Plenti | 2025-10-02 | 8.8 High |
| Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. | ||||
| CVE-2025-29904 | 1 Jetbrains | 1 Ktor | 2025-10-02 | 5.3 Medium |
| In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible | ||||
| CVE-2025-46565 | 1 Vitejs | 1 Vite | 2025-10-02 | 5.3 Medium |
| Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. Only files that are under project root and are denied by a file matching pattern can be bypassed. `server.fs.deny` can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (/.). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14. | ||||