Export limit exceeded: 10276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7998 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | 2.6 Low |
| In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan. | ||||
| CVE-2025-0589 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | 5.3 Medium |
| In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself. | ||||
| CVE-2024-49352 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 7.1 High |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-36486 | 1 Parallels | 1 Parallels Desktop | 2025-07-02 | 7.8 High |
| A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. | ||||
| CVE-2024-54189 | 1 Parallels | 1 Parallels Desktop | 2025-07-02 | 7.8 High |
| A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation. | ||||
| CVE-2024-12827 | 2025-06-30 | 9.8 Critical | ||
| The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2025-4407 | 2025-06-30 | 6.7 Medium | ||
| Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1. | ||||
| CVE-2024-4750 | 1 Buddyboss | 1 Buddyboss | 2025-06-30 | 5.3 Medium |
| The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request | ||||
| CVE-2025-0036 | 2025-06-30 | 3.2 Low | ||
| In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. | ||||
| CVE-2024-22014 | 2 360totalsecurity, Microsoft | 3 360 Total Security, Antivirus, Windows | 2025-06-30 | 8.8 High |
| An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete. | ||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2025-06-27 | 5.5 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2025-06-27 | 4.4 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2025-0725 | 3 Haxx, Netapp, Zlib | 12 Curl, Libcurl, Hci Baseboard Management Controller and 9 more | 2025-06-27 | 7.3 High |
| When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. | ||||
| CVE-2022-31651 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | 5.5 Medium |
| In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | ||||
| CVE-2023-26590 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 6.2 Medium |
| A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. | ||||
| CVE-2023-32627 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 6.2 Medium |
| A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. | ||||
| CVE-2022-31650 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-27 | 5.5 Medium |
| In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | ||||
| CVE-2024-53552 | 1 Crushftp | 1 Crushftp | 2025-06-27 | 9.8 Critical |
| CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. | ||||
| CVE-2025-3811 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | 9.8 Critical |
| The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the edit_newdata_customer_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2025-3810 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | 9.8 Critical |
| The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. | ||||