Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59812 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59811 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2024-37404 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-09-23 | 8.8 High |
| Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2020-26308 | 2 Ansman, Validatejs | 2 Validate.js, Validate.js | 2025-09-23 | 7.5 High |
| Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | ||||
| CVE-2024-50354 | 1 Consensys | 1 Gnark | 2025-09-23 | 5.5 Medium |
| gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory. | ||||
| CVE-2024-48463 | 1 Usebruno | 1 Bruno | 2025-09-23 | 6.5 Medium |
| Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. | ||||
| CVE-2024-6238 | 1 Pgadmin | 1 Pgadmin 4 | 2025-09-23 | 7.4 High |
| pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms. | ||||
| CVE-2024-37678 | 2 Finesoft Project, Hangzhou Meisoft Information Technology | 2 Finesoft, Finesoft | 2025-09-23 | 5.3 Medium |
| Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2024-3660 | 2 Keras, Tensorflow | 2 Keras, Tensorflow | 2025-09-23 | 9.8 Critical |
| A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. | ||||
| CVE-2024-30974 | 1 Tramyardg | 1 Autoexpress | 2025-09-23 | 7.3 High |
| SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter. | ||||
| CVE-2024-31820 | 2 Ecommerce-codeigniter-bootstrap Project, Ecommerce Codeigniter Bootstrap Project | 2 Ecommerce-codeigniter-bootstrap, Ecommerce Codeigniter Bootstrap | 2025-09-23 | 9.8 Critical |
| An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component. | ||||
| CVE-2024-31821 | 2 Ecommerce-codeigniter-bootstrap Project, Kirilkirkov | 2 Ecommerce-codeigniter-bootstrap, Ecommerce-codeigniter-bootstrap | 2025-09-23 | 8 High |
| SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. | ||||
| CVE-2024-31822 | 2 Ecommerce-codeigniter-bootstrap Project, Ecommerce Codeigniter Bootstrap Project | 2 Ecommerce-codeigniter-bootstrap, Ecommerce Codeigniter Bootstrap | 2025-09-23 | 9.8 Critical |
| An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. | ||||
| CVE-2024-28713 | 1 Mtons | 1 Mblog | 2025-09-23 | 9.8 Critical |
| An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. | ||||
| CVE-2024-29182 | 1 Collaboraoffice | 1 Collabora Online | 2025-09-23 | 6.1 Medium |
| Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected. | ||||
| CVE-2025-10777 | 1 Jsc | 1 R7-office | 2025-09-22 | 6.3 Medium |
| A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to version 2025.3.1.923 is recommended to address this issue. The affected component should be upgraded. R7-Office is a fork of OpenOffice and at the moment it remains unclear if OpenOffice is affected as well. The OpenOffice team was not able to reproduce the issue in their codebase. The vendor replied: "We confirm that this vulnerability has been verified and patched in release 2025.3.1.923. During our security testing, it was not possible to exploit the issue - the server consistently returns proper error responses to the provided scenarios." | ||||
| CVE-2025-10741 | 1 Selleo | 1 Mentingo | 2025-09-22 | 6.3 Medium |
| A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10652 | 1 Wordpress | 1 Wordpress | 2025-09-22 | 6.5 Medium |
| The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-10778 | 1 Smartstore | 1 Smartstore | 2025-09-22 | 3.1 Low |
| A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10776 | 1 Lioncoders | 1 Salepro Pos | 2025-09-22 | 3.7 Low |
| A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||