Export limit exceeded: 34736 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20953 | 1 Samsung | 1 Android | 2025-05-13 | 5.1 Medium |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. | ||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | 8.8 High |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | ||||
| CVE-2024-21090 | 1 Oracle | 2 Mysql Connector\/python, Mysql Connectors | 2025-05-13 | 7.5 High |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2025-24899 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | 7.5 High |
| reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-24968 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | 8.8 High |
| reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | ||||
| CVE-2021-33330 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 Medium |
| Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted user’s email address and current CSRF token. | ||||
| CVE-2024-25148 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-13 | 5.4 Medium |
| In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | ||||
| CVE-2020-15840 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.3 Medium |
| In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. | ||||
| CVE-2022-3066 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 5.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. | ||||
| CVE-2022-3288 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 3.5 Low |
| A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. | ||||
| CVE-2022-3286 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 5.3 Medium |
| Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token | ||||
| CVE-2025-30158 | 1 Namelessmc | 1 Nameless | 2025-05-13 | 7.1 High |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0. | ||||
| CVE-2025-31118 | 1 Namelessmc | 1 Nameless | 2025-05-13 | 7.1 High |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0. | ||||
| CVE-2024-49109 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-13 | 6.6 Medium |
| Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | ||||
| CVE-2024-49041 | 1 Microsoft | 1 Edge Chromium | 2025-05-13 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-49114 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-13 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-49113 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-13 | 7.5 High |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | ||||
| CVE-2024-49112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-13 | 9.8 Critical |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2024-49110 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-13 | 6.8 Medium |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-49090 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-13 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||