Export limit exceeded: 340552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32408 | 1 Soffid | 1 Iam | 2025-07-12 | 2.5 Low |
| In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. | ||||
| CVE-2025-32464 | 1 Haproxy | 1 Haproxy | 2025-07-12 | 6.8 Medium |
| HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. | ||||
| CVE-2025-32493 | 2 Vibethemes, Wordpress | 2 Bp Social Connect, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2. | ||||
| CVE-2025-32542 | 2 Eazyplugins, Wordpress | 2 Eazy Plugin Manager, Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0. | ||||
| CVE-2025-32553 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4. | ||||
| CVE-2025-32554 | 2 Raptive, Wordpress | 2 Raptive Ads, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.7.3. | ||||
| CVE-2025-32577 | 2 Hakeemnala, Wordpress | 2 Build App Online, Wordpress | 2025-07-12 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. | ||||
| CVE-2025-32610 | 2 Foliovision, Wordpress | 2 Foliopress Wysiwyg, Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Foliovision: Making the web work for you Foliopress WYSIWYG allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through 2.6.18. | ||||
| CVE-2025-32613 | 2 Bowo, Wordpress | 2 Debug Log Manager, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4. | ||||
| CVE-2025-32665 | 2 Webbytemplate, Wordpress | 2 Office Locator, Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. | ||||
| CVE-2025-32743 | 1 Connman | 1 Connman | 2025-07-12 | 9 Critical |
| In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations. | ||||
| CVE-2025-32780 | 1 Bleachbit | 1 Bleachbit | 2025-07-12 | 7.3 High |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | ||||
| CVE-2025-32791 | 1 Backstage | 1 Backstage | 2025-07-12 | 4.3 Medium |
| The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not use conditional decisions, there is no impact. This issue has been patched in version 0.6.0 of the permissions backend. A workaround includes having administrators of the permission policies ensure that they are crafted in such a way that conditional decisions do not contain any sensitive information. | ||||
| CVE-2025-32807 | 1 Fusiondirectory | 1 Fusiondirectory | 2025-07-12 | 5.3 Medium |
| A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. | ||||
| CVE-2025-32817 | 1 Sonicwall | 1 Connect Tunnel | 2025-07-12 | 6.1 Medium |
| A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. | ||||
| CVE-2025-35975 | 1 Microdicom | 1 Dicom Viewer | 2025-07-12 | 8.8 High |
| MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation. | ||||
| CVE-2025-36521 | 1 Microdicom | 1 Dicom Viewer | 2025-07-12 | 8.8 High |
| MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation. | ||||
| CVE-2025-36625 | 1 Tenable | 1 Nessus | 2025-07-12 | 4.3 Medium |
| In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application. | ||||
| CVE-2025-37730 | 1 Elastic | 1 Logstash | 2025-07-12 | 6.5 Medium |
| Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set. | ||||
| CVE-2025-3063 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||