Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46343 | 1 N8n | 1 N8n | 2025-05-09 | 5 Medium |
| n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allows the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could send a request to change the user’s email address in their account settings, effectively enabling account takeover. This issue has been patched in version 1.90.0. | ||||
| CVE-2023-52308 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-05-09 | 4.7 Medium |
| FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||||
| CVE-2025-4060 | 1 Anujk305 | 1 Notice Board System | 2025-05-09 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4061 | 1 Fabian | 1 Clothing Store Management System | 2025-05-09 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4062 | 1 Fabian | 1 Theater Seat Booking System | 2025-05-09 | 5.3 Medium |
| A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4064 | 1 Scriptandtools | 1 Online Traveling System | 2025-05-09 | 5.3 Medium |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4086 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-4088 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-4092 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.8 High |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46585 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.5 High |
| Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58252 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.2 Medium |
| Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46587 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.2 Medium |
| Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46590 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 6.3 Medium |
| Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. | ||||
| CVE-2025-46592 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 4.4 Medium |
| Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-3741 | 1 Chatwoot | 1 Chatwoot | 2025-05-09 | 9.8 Critical |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | ||||
| CVE-2022-0074 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 8.8 High |
| Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. | ||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2025-05-09 | 5.8 Medium |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | ||||
| CVE-2024-45563 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. | ||||
| CVE-2022-24670 | 1 Forgerock | 1 Access Management | 2025-05-09 | 7.1 High |
| An attacker can use the unrestricted LDAP queries to determine configuration entries | ||||