Export limit exceeded: 10276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55060 | 2025-12-31 | 6.1 Medium | ||
| CWE-601 URL Redirection to Untrusted Site ('Open Redirect') | ||||
| CVE-2025-15251 | 2025-12-31 | 5.6 Medium | ||
| A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible." | ||||
| CVE-2025-15106 | 2 Getmaxun, Maxun | 2 Maxun, Maxun | 2025-12-31 | 6.3 Medium |
| A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56643 | 1 Requarks | 1 Wiki.js | 2025-12-31 | 9.1 Critical |
| Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism. | ||||
| CVE-2024-56143 | 1 Strapi | 1 Strapi | 2025-12-31 | 8.2 High |
| Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset tokens, by crafting queries with the lookup parameter. This vulnerability is fixed in 5.5.2. | ||||
| CVE-2024-53406 | 1 Espressif | 1 Esp-idf | 2025-12-31 | 8.8 High |
| Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks. | ||||
| CVE-2025-64012 | 1 Invoiceplane | 1 Invoiceplane | 2025-12-31 | 4.3 Medium |
| InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data. | ||||
| CVE-2025-65318 | 2 Canarymail, Microsoft | 2 Canary Mail, Windows | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-65319 | 1 Blixhq | 1 Bluemail | 2025-12-31 | 9.1 Critical |
| When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software. | ||||
| CVE-2025-52552 | 1 Fastgpt | 1 Fastgpt | 2025-12-29 | 6.1 Medium |
| FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12. | ||||
| CVE-2025-62690 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-12-29 | 3.1 Low |
| Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab. | ||||
| CVE-2024-12289 | 1 Hashicorp | 1 Boundary | 2025-12-29 | 5.9 Medium |
| Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. | ||||
| CVE-2024-7625 | 1 Hashicorp | 1 Nomad | 2025-12-29 | 5.8 Medium |
| In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. | ||||
| CVE-2024-58335 | 1 Jcthiele | 1 Openxrechnungtoolbox | 2025-12-29 | 5 Medium |
| OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java. | ||||
| CVE-2018-25129 | 2025-12-29 | 7.5 High | ||
| SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard. | ||||
| CVE-2018-25142 | 2025-12-29 | 9.8 Critical | ||
| NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack. | ||||
| CVE-2025-68937 | 1 Forgejo | 1 Forgejo | 2025-12-29 | 9.9 Critical |
| Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later. | ||||
| CVE-2025-50433 | 1 Monnit | 1 Imonnit | 2025-12-29 | 9.8 Critical |
| An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts. | ||||
| CVE-2025-1889 | 1 Mmaitre314 | 1 Picklescan | 2025-12-29 | 9.8 Critical |
| picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not considered as part of the scope of picklescan, the file would pass security checks and appear to be safe, when it could instead prove to be problematic. | ||||
| CVE-2025-64481 | 1 Datasette | 1 Datasette | 2025-12-26 | N/A |
| Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs. | ||||