Export limit exceeded: 10710 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 41776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24567 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54250 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 4.9 Medium |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. | ||||
| CVE-2025-54248 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 7.7 High |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed | ||||
| CVE-2025-54247 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 6.5 Medium |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. | ||||
| CVE-2025-29089 | 1 Tp-link | 3 Ax10, Ax1500, Tp-link | 2025-09-12 | 7.5 High |
| An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information | ||||
| CVE-2025-36759 | 1 Solax | 1 Solax Cloud | 2025-09-12 | N/A |
| Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. | ||||
| CVE-2025-10252 | 1 Seat | 1 Queue Ticket Kiosk | 2025-09-12 | 3.1 Low |
| A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-52297 | 1 Tolgee | 1 Tolgee | 2025-09-11 | 9.8 Critical |
| Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2. | ||||
| CVE-2023-38327 | 1 Egroupware | 1 Egroupware | 2025-09-11 | 5.3 Medium |
| An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response. | ||||
| CVE-2025-55444 | 1 Vishalmathur | 1 Online Artwork And Fine Arts Project | 2025-09-11 | 9.8 Critical |
| A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution. | ||||
| CVE-2025-10164 | 2025-09-11 | 7.3 High | ||
| A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55052 | 2025-09-11 | 4.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-58442 | 1 Saleor | 1 Saleor | 2025-09-11 | 5.3 Medium |
| Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact. | ||||
| CVE-2025-9139 | 1 Scada-lts | 1 Scada-lts | 2025-09-11 | 4.3 Medium |
| A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower." | ||||
| CVE-2024-12564 | 2025-09-11 | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | ||||
| CVE-2025-58445 | 1 Runatlantis | 1 Atlantis | 2025-09-10 | 7.5 High |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix. | ||||
| CVE-2025-30151 | 1 Shopware | 1 Shopware | 2025-09-10 | 7.5 High |
| Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | ||||
| CVE-2025-30150 | 1 Shopware | 1 Shopware | 2025-09-10 | 5.3 Medium |
| Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates clearly that there is no account for this customer. In contrast you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | ||||
| CVE-2025-9109 | 1 Portabilis | 1 I-diario | 2025-09-10 | 3.7 Low |
| A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-20032 | 1 Intel | 7 Proset\/wireless Wifi, Wi-fi 6 Ax101, Wi-fi 6 Ax201 and 4 more | 2025-09-10 | 7.9 High |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2025-59016 | 1 Typo3 | 1 Typo3 | 2025-09-10 | 4.3 Medium |
| Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations. | ||||