Export limit exceeded: 24565 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24565 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36719 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-09 | 7.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | ||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2025-10-09 | 8 High |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | ||||
| CVE-2023-36406 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-10-08 | 5.5 Medium |
| Windows Hyper-V Information Disclosure Vulnerability | ||||
| CVE-2023-36407 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-10-08 | 7.8 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||
| CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-10-08 | 6.5 Medium |
| Open Management Infrastructure Information Disclosure Vulnerability | ||||
| CVE-2025-58759 | 1 Datahihi1 | 1 Tinyenv | 2025-10-08 | 5.1 Medium |
| TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually. | ||||
| CVE-2025-11026 | 2 Givanz, Vvveb | 2 Vvveb, Vvveb | 2025-10-08 | 3.5 Low |
| A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release." | ||||
| CVE-2025-10768 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10769 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-10771 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-61768 | 1 Kuno | 1 Kuno Cms | 2025-10-08 | N/A |
| KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external image reference, causing the server to initiate an outgoing connection to an arbitrary external URL. This can lead to information disclosure or internal network probing. Version 1.3.15 contains a fix for the issue. | ||||
| CVE-2025-11406 | 1 Kaifangqian | 1 Kaifangqian | 2025-10-08 | 4.3 Medium |
| A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-52905 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-10-08 | 7.5 High |
| Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207. | ||||
| CVE-2025-5098 | 1 Dynamixsoftware | 1 Printershare | 2025-10-08 | 9.1 Critical |
| PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. | ||||
| CVE-2025-23268 | 1 Nvidia | 1 Triton Inference Server | 2025-10-08 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution. | ||||
| CVE-2025-59833 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2025-10-08 | 7.5 High |
| Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free, undermining the business logic of the platform and reducing the integrity of the challenge system. This issue has been patched in version 2.3.0. | ||||
| CVE-2024-37895 | 1 Lobehub | 1 Lobe Chat | 2025-10-08 | 5.7 Medium |
| Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-22117 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 2.2 Low |
| When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. | ||||
| CVE-2024-22120 | 1 Zabbix | 2 Zabbix, Zabbix Server | 2025-10-08 | 9.1 Critical |
| Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. | ||||