Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43895 | 2025-12-29 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-54061 | 2025-12-29 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53749 | 2025-12-29 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-48843 | 2025-12-29 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-58408 | 1 Imaginationtech | 2 Ddk, Graphics Ddk | 2025-12-29 | 5.9 Medium |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use. | ||||
| CVE-2025-64030 | 1 Chinasystems | 1 Eximbills Enterprise | 2025-12-29 | 5.4 Medium |
| Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers. | ||||
| CVE-2025-12183 | 2025-12-29 | 6.5 Medium | ||
| Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. | ||||
| CVE-2025-14965 | 2025-12-27 | 5.5 Medium | ||
| A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-30005 | 1 Xorcom | 1 Completepbx | 2025-12-27 | 8.3 High |
| Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | ||||
| CVE-2025-30004 | 1 Xorcom | 1 Completepbx | 2025-12-27 | 8.8 High |
| Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | ||||
| CVE-2025-2748 | 1 Kentico | 1 Xperience | 2025-12-27 | 6.1 Medium |
| The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2025-2292 | 1 Xorcom | 1 Completepbx | 2025-12-27 | 6.5 Medium |
| Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35. | ||||
| CVE-2024-8957 | 1 Ptzoptics | 5 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-ndi Firmware and 2 more | 2025-12-27 | 7.2 High |
| PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices. | ||||
| CVE-2019-25230 | 1 Kentico | 1 Xperience | 2025-12-27 | 4.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls. | ||||
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-27 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | ||||
| CVE-2025-12819 | 1 Pgbouncer | 1 Pgbouncer | 2025-12-27 | 7.5 High |
| Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. | ||||
| CVE-2025-64481 | 1 Datasette | 1 Datasette | 2025-12-26 | N/A |
| Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs. | ||||
| CVE-2025-46291 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-24148 | 1 Apple | 1 Macos | 2025-12-26 | 5.5 Medium |
| This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks. | ||||
| CVE-2021-47715 | 1 Hasura | 1 Graphql Engine | 2025-12-26 | 5.3 Medium |
| Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources. | ||||