Export limit exceeded: 334808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50563 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-09-24 | 6.7 Medium |
| A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | ||||
| CVE-2023-3726 | 1 Ocsinventory-ng | 1 Ocsinventory-ocsreports | 2025-09-24 | 6.9 Medium |
| OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | ||||
| CVE-2025-57961 | 2 Codexpert, Wordpress | 2 Codesigner, Wordpress | 2025-09-24 | 4.3 Medium |
| Missing Authorization vulnerability in Codexpert, Inc CoDesigner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through 4.25.2. | ||||
| CVE-2025-57960 | 2 Travelmap, Wordpress | 2 Travelmap, Wordpress | 2025-09-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map allows Cross Site Request Forgery. This issue affects Travel Map: from n/a through 1.0.3. | ||||
| CVE-2025-57959 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink allows Stored XSS. This issue affects Slightly troublesome permalink: from n/a through 1.2.0. | ||||
| CVE-2025-30516 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-24 | 2 Low |
| Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications | ||||
| CVE-2025-23249 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23250 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-23251 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-24 | 7.6 High |
| NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2025-22480 | 1 Dell | 1 Supportassist Os Recovery | 2025-09-24 | 7 High |
| Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges. | ||||
| CVE-2025-46394 | 1 Busybox | 1 Busybox | 2025-09-24 | 3.2 Low |
| In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | ||||
| CVE-2024-39702 | 1 Openresty | 1 Openresty | 2025-09-24 | 5.9 Medium |
| In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected. | ||||
| CVE-2025-54376 | 2 Hoverfly, Spectolabs | 2 Hoverfly, Hoverfly | 2025-09-24 | 7.5 High |
| Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue. | ||||
| CVE-2025-47910 | 2 Go Standard Library, Golang | 3 Net\/http, Http2, Net | 2025-09-24 | 5.4 Medium |
| When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2025-57958 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in WPXPO WowAddons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowAddons: from n/a through 1.0.17. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2025-09-24 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24. | ||||
| CVE-2025-57957 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.3 Medium |
| Missing Authorization vulnerability in wpcraft WooMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through 9.12. | ||||
| CVE-2025-10630 | 2 Grafana, Zabbix | 2 Grafana, Zabbix | 2025-09-24 | 4.3 Medium |
| Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via user-supplied regex query which could causes CPU usage to max out. This vulnerability is fixed in version 6.0.0. | ||||
| CVE-2025-57956 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12. | ||||