Export limit exceeded: 342737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342737 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33191 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33192 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33193 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-59305 | 1 Langfuse | 1 Langfuse | 2025-12-02 | 7.6 High |
| Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry. | ||||
| CVE-2025-62687 | 4 Linux, Logstare, Microsoft and 1 more | 5 Linux, Linux Kernel, Collector and 2 more | 2025-12-02 | N/A |
| Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unintended operations may be performed. | ||||
| CVE-2025-64299 | 4 Linux, Logstare, Microsoft and 1 more | 5 Linux, Linux Kernel, Collector and 2 more | 2025-12-02 | 2.7 Low |
| LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes. | ||||
| CVE-2025-64695 | 3 Logstare, Microsoft, Secuavail | 3 Collector, Windows, Logstare Collector | 2025-12-02 | N/A |
| Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
| CVE-2025-8291 | 1 Python | 1 Cpython | 2025-12-02 | 4.3 Medium |
| The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value. | ||||
| CVE-2025-33196 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 4.4 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-33197 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 4.3 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33198 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 3.3 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-33199 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 3.2 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2025-33200 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 2.3 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2024-45370 | 1 Socomec | 1 Easy Config System | 2025-12-02 | 7.3 High |
| An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability. | ||||
| CVE-2025-58484 | 1 Samsung | 4 Assistant, Cloud, Mobile and 1 more | 2025-12-02 | 4 Medium |
| Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox. | ||||
| CVE-2025-13606 | 2 Smackcoders, Wordpress | 2 Export All Posts, Products, Orders, Refunds & Users, Wordpress | 2025-12-02 | 6.5 Medium |
| The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the `parseData` function. This makes it possible for unauthenticated attackers to export sensitive information including user data, email addresses, password hashes, and WooCommerce data to an attacker-controlled file path on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13387 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2025-12-02 | 7.2 High |
| The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12529 | 2 Stylemixthemes, Wordpress | 2 Cost Calculator Builder, Wordpress | 2025-12-02 | 8.8 High |
| The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable. | ||||
| CVE-2025-8351 | 2 Apple, Avast | 2 Macos, Antivirus | 2025-12-02 | 9 Critical |
| Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98. | ||||
| CVE-2025-7007 | 3 Apple, Avast, Linux | 3 Macos, Antivirus, Linux | 2025-12-02 | 7.5 High |
| NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3. | ||||