Export limit exceeded: 334991 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334991 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41245 | 1 Vmware | 3 Aria Operations, Cloud Foundation, Tools | 2025-09-30 | 4.9 Medium |
| VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations. | ||||
| CVE-2023-21342 | 1 Google | 1 Android | 2025-09-30 | 7.8 High |
| In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-36255 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 5.7 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in some arbitrary channel. | ||||
| CVE-2025-57730 | 1 Jetbrains | 1 Intellij Idea | 2025-09-30 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature | ||||
| CVE-2024-11826 | 1 Mdmag | 1 Quill Forms | 2025-09-30 | 6.4 Medium |
| The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-0297 | 1 Code-projects | 1 Online Book Shop | 2025-09-30 | 6.3 Medium |
| A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-36241 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 3.1 Low |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command | ||||
| CVE-2024-34152 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 4.3 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server | ||||
| CVE-2025-35431 | 1 Cisa | 1 Thorium | 2025-09-30 | 5.4 Medium |
| CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1. | ||||
| CVE-2024-34029 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 4.3 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team. | ||||
| CVE-2025-0985 | 1 Ibm | 1 Mq | 2025-09-30 | 5.5 Medium |
| IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. | ||||
| CVE-2025-1403 | 1 Ibm | 1 Qiskit | 2025-09-30 | 8.6 High |
| Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library. | ||||
| CVE-2025-21614 | 2 Go-git Project, Redhat | 8 Go-git, Advanced Cluster Security, Enterprise Linux and 5 more | 2025-09-30 | 7.5 High |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | ||||
| CVE-2024-32045 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 5.9 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members of. | ||||
| CVE-2024-31859 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-30 | 4.3 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin | ||||
| CVE-2025-22531 | 1 Mbilalm | 1 Urdu Formatter | 2025-09-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS.This issue affects Urdu Formatter – Shamil: from n/a through 0.1. | ||||
| CVE-2024-34010 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2025-09-30 | N/A |
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386. | ||||
| CVE-2020-11904 | 1 Treck | 1 Tcp\/ip | 2025-09-30 | 7.3 High |
| The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | ||||
| CVE-2019-6833 | 1 Schneider-electric | 49 Hmig2u, Hmig3u, Hmig3ufc and 46 more | 2025-09-30 | 6.5 Medium |
| A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. | ||||
| CVE-2023-0917 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-09-30 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. | ||||