Search Results (336182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62635 | | | 2025-10-18 | N/A |
| Not used | ||||
| CVE-2025-62634 | | | 2025-10-18 | N/A |
| Not used | ||||
| CVE-2025-62633 | | | 2025-10-18 | N/A |
| Not used | ||||
| CVE-2025-62632 | | | 2025-10-18 | N/A |
| Not used | ||||
| CVE-2025-20357 | 1 Cisco | 2 Cyber Vision, Cyber Vision Center | 2025-10-18 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Reports page. By default, all pre-defined users have this access, as do any custom users that are configured to allow access to the Reports page. | ||||
| CVE-2025-56676 | 1 Titansystems | 1 Zender | 2025-10-18 | 5.4 Medium |
| TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure. | ||||
| CVE-2025-56200 | 2 Validator Project, Validatorjs | 2 Validator, Validator.js | 2025-10-18 | 6.1 Medium |
| A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks. | ||||
| CVE-2025-20356 | 1 Cisco | 2 Cyber Vision, Cyber Vision Center | 2025-10-18 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials that allow access to the Sensor Explorer page. By default, Admin and Product user roles have this access, as do any custom users that are configured to allow access to the Sensors page. | ||||
| CVE-2025-45143 | 1 Devrafalko | 1 String-math | 2025-10-18 | 7 High |
| string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input. | ||||
| CVE-2025-45424 | 1 Xinference | 1 Xinference | 2025-10-18 | 5.3 Medium |
| Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. | ||||
| CVE-2025-40715 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas. | ||||
| CVE-2025-40716 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action. | ||||
| CVE-2025-40717 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina. | ||||
| CVE-2025-40718 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 7.5 High |
| Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information. | ||||
| CVE-2025-40719 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 6.1 Medium |
| Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF. | ||||
| CVE-2025-40720 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 6.1 Medium |
| Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /<Client>FacturaE/VerFacturaPDF. | ||||
| CVE-2025-40721 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | 5.4 Medium |
| Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id_factura parameter in /<Client>FacturaE/listado_facturas_ficha.jsp. | ||||
| CVE-2025-59941 | 1 Filecoin | 1 Go-f3 | 2025-10-18 | 5.9 Medium |
| go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9. | ||||
| CVE-2025-59942 | 1 Filecoin | 1 Go-f3 | 2025-10-18 | 7.5 High |
| go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7. | ||||
| CVE-2025-56301 | 1 Chipsalliance | 1 Rocket-chip | 2025-10-17 | 7.5 High |
| An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an exception is triggered during MRET execution. The Control and Status Register (CSR) logic has a flawed interaction between exception handling and exception return (MRET) mechanisms which can cause faulty trap behavior. When the MRET instruction is executed in machine mode without being in an exception state, an Instruction Access Fault may be triggered. This results in both the exception handling logic and the exception return logic activating simultaneously, leading to conflicting updates to the control and status registers. | ||||