Export limit exceeded: 335122 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335122 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335122 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9697 | 1 Wordpress | 1 Wordpress | 2025-10-03 | 9.8 Critical |
| The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2025-40645 | 1 Viday | 1 Viday | 2025-10-03 | N/A |
| Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter. | ||||
| CVE-2025-11020 | 3 Linux, Markany, Microsoft | 3 Linux, Safepc Enterprise, Windows | 2025-10-03 | 8.8 High |
| An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*. | ||||
| CVE-2025-58775 | 1 Keyence | 3 Kv Studio, Vt5-wx12, Vt5-wx15 | 2025-10-03 | 7.8 High |
| KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | ||||
| CVE-2025-11182 | 1 Gtone | 1 Changeflow | 2025-10-03 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1. | ||||
| CVE-2025-57443 | 2 Apple, Frostwire | 2 Macos, Frostwire | 2025-10-03 | 5.1 Medium |
| FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories. | ||||
| CVE-2025-40992 | 1 Creativeitem | 1 Sociopro | 2025-10-03 | N/A |
| Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-41010 | 1 Hiberus | 1 Sintra | 2025-10-03 | N/A |
| Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled. | ||||
| CVE-2025-41064 | 1 Gtt | 1 Opensiac | 2025-10-03 | N/A |
| Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method. | ||||
| CVE-2024-58260 | 2 Rancher, Suse | 2 Rancher, Rancher | 2025-10-03 | 7.6 High |
| A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts. | ||||
| CVE-2025-0642 | 1 Poscube | 1 Assist | 2025-10-03 | 6.3 Medium |
| Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025. | ||||
| CVE-2025-53881 | 2 Exim, Opensuse | 2 Exim, Tumbleweed | 2025-10-03 | N/A |
| A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1. | ||||
| CVE-2023-28760 | 1 Tp-link | 1 Archer Ax21 | 2025-10-03 | 7.5 High |
| TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network). | ||||
| CVE-2025-61671 | 2025-10-03 | N/A | ||
| Further research determined the issue is not an open source vulnerability. | ||||
| CVE-2025-61847 | 2025-10-03 | N/A | ||
| Not used | ||||
| CVE-2025-5511 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5512 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 7.3 High |
| A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-30359 | 1 Webpack.js | 1 Webpack-dev-server | 2025-10-03 | 5.3 Medium |
| webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables. By using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code. Version 5.2.1 contains a patch for the issue. | ||||
| CVE-2025-5513 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 3.5 Low |
| A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5569 | 1 Ideacms | 1 Ideacms | 2025-10-03 | 6.3 Medium |
| A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component. | ||||