Export limit exceeded: 338070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24973 | 1 Nexryai | 1 Concorde | 2025-06-17 | 9.4 Critical |
| Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out. | ||||
| CVE-2024-13967 | 2025-06-17 | 8.8 High | ||
| This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | ||||
| CVE-2025-32920 | 2025-06-17 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | ||||
| CVE-2024-47196 | 1 Siemens | 2 Modelsim, Questa | 2025-06-17 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. | ||||
| CVE-2022-45699 | 1 Apsystems | 2 Ecu-r, Ecu-r Firmware | 2025-06-17 | 9.8 Critical |
| Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | ||||
| CVE-2025-3494 | 2025-06-17 | N/A | ||
| This CVE ID has been rejected by its CNA as it was not a security issue. | ||||
| CVE-2025-3493 | 2025-06-17 | N/A | ||
| This CVE ID has been rejected by its CNA as it was not a security issue. | ||||
| CVE-2025-52445 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52444 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52443 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52442 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52441 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52440 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52439 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52438 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2025-52437 | 2025-06-17 | N/A | ||
| Not used | ||||
| CVE-2024-45380 | 2025-06-17 | N/A | ||
| This candidate was in a CNA pool that was not assigned to any issues during 2024. | ||||
| CVE-2024-45069 | 2025-06-17 | N/A | ||
| This candidate was in a CNA pool that was not assigned to any issues during 2024. | ||||
| CVE-2024-45065 | 2025-06-17 | N/A | ||
| This candidate was in a CNA pool that was not assigned to any issues during 2024. | ||||
| CVE-2024-43422 | 2025-06-17 | N/A | ||
| This candidate was in a CNA pool that was not assigned to any issues during 2024. | ||||