Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55726 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55725 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55724 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55723 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55722 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55721 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55720 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55719 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2025-55718 | 2025-08-15 | N/A | ||
| Not used | ||||
| CVE-2021-20087 | 1 Acemetrix | 1 Jquery-deparam | 2025-08-14 | 8.8 High |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | ||||
| CVE-2020-9295 | 1 Fortinet | 4 Antivirus Engine, Forticlient, Fortigate and 1 more | 2025-08-14 | 4.7 Medium |
| FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled. | ||||
| CVE-2024-54951 | 1 Monicahq | 1 Monica | 2025-08-14 | 5.4 Medium |
| Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS. | ||||
| CVE-2024-57329 | 1 Hortusfox | 1 Hortusfox | 2025-08-14 | 5.4 Medium |
| HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads. | ||||
| CVE-2025-49321 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28. | ||||
| CVE-2025-36582 | 1 Dell | 1 Networker | 2025-08-14 | 4.8 Medium |
| Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2025-45872 | 1 Zrlog | 1 Zrlog | 2025-08-14 | 9.8 Critical |
| zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. | ||||
| CVE-2025-53632 | 1 Ctfer-io | 1 Chall-manager | 2025-08-14 | 9.1 Critical |
| Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 47d188f and shipped in v0.1.4. | ||||
| CVE-2025-53633 | 1 Ctfer-io | 1 Chall-manager | 2025-08-14 | 9.8 Critical |
| Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 14042aa and shipped in v0.1.4. | ||||
| CVE-2025-53634 | 1 Ctfer-io | 1 Chall-manager | 2025-08-14 | 7.5 High |
| Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 1385bd8 and shipped in v0.1.4. | ||||
| CVE-2025-53643 | 1 Aiohttp | 1 Aiohttp | 2025-08-14 | 7.5 High |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. | ||||