Search Results (342070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4840 | 1 Erumfaham | 1 Likes And Dislikes | 2025-07-02 | 7.5 High |
| The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2025-4954 | 1 Axlethemes | 1 Axle Demo Importer | 2025-07-02 | 8.8 High |
| The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server | ||||
| CVE-2025-0823 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 6.5 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-49352 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 7.1 High |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2024-51466 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 9 Critical |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | ||||
| CVE-2025-29744 | 1 Vitaly-t | 1 Pg-promise | 2025-07-02 | 5.4 Medium |
| pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers. | ||||
| CVE-2024-40695 | 1 Ibm | 1 Cognos Analytics | 2025-07-02 | 8 High |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
| CVE-2025-44091 | 1 Yangyouwang | 1 Crud | 2025-07-02 | 5.4 Medium |
| yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. | ||||
| CVE-2025-48474 | 1 Freescout | 1 Freescout | 2025-07-02 | 8.1 High |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing conversations. This issue has been patched in version 1.8.180. | ||||
| CVE-2025-48475 | 1 Freescout | 1 Freescout | 2025-07-02 | 8.1 High |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conversations, has the ability to view and edit the System's clients. The limitation of client visibility can be implemented by the limit_user_customer_visibility setting, however, in the specified scenarios, there is no check for the presence of this setting. This issue has been patched in version 1.8.180. | ||||
| CVE-2025-40908 | 2 Ingydotnet, Redhat | 3 Yaml-libyaml, Enterprise Linux, Rhel Eus | 2025-07-02 | 9.1 Critical |
| YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified | ||||
| CVE-2024-25047 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2025-07-02 | 8.6 High |
| IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956. | ||||
| CVE-2025-20673 | 1 Mediatek | 10 Mt7902, Mt7902 Firmware, Mt7921 and 7 more | 2025-07-02 | 5.5 Medium |
| In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304. | ||||
| CVE-2025-20675 | 1 Mediatek | 10 Mt7902, Mt7902 Firmware, Mt7921 and 7 more | 2025-07-02 | 5.5 Medium |
| In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302. | ||||
| CVE-2025-48940 | 1 Mybb | 1 Mybb | 2025-07-02 | 7.2 High |
| MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be unlocked (no `install/lock` file present) and the upgrade script must be accessible (by re-installing the forum via access to `install/index.php`; when the forum has not yet been installed; or the attacker is authenticated as a forum administrator). MyBB 1.8.39 resolves this issue. | ||||
| CVE-2025-44559 | | | 2025-07-02 | 6.5 Medium |
| An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets. | ||||
| CVE-2025-44557 | | | 2025-07-02 | 8.1 High |
| A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet. | ||||
| CVE-2025-26486 | | | 2025-07-02 | 6 Medium |
| Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to brute-force user passwords or find a collision, ultimately to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234. | ||||
| CVE-2025-26485 | | | 2025-07-02 | 5.8 Medium |
| A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by attackers to understand whether a certain user is registered in the Identity Manager. This issue affects Life 1st: 1.5.2.14234. | ||||
| CVE-2023-40735 | 1 Butterfly-button | 1 Butterfly Button | 2025-07-02 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. | ||||
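Two of the entries above are SQL injection through an untrusted value placed into a statement (CVE-2025-4840, an unauthenticated AJAX parameter; CVE-2025-29744, mishandled negative numbers). The following is an added example, not code from either project, using an in-memory SQLite table constructed for the demo. It shows why a numeric context cannot be fixed by quote-escaping, why even a plain number is unsafe to interpolate (a negative value after a `-` becomes `--`, a SQL comment), and the parameterised form that fixes both. The general pattern applies to any driver that supports placeholders, not only SQLite.

```python
import sqlite3

# Constructed sample data for the demo; not from any real product.
POSTS = [(1, "hello", 0), (2, "draft", 1), (3, "private", 1)]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts(id INTEGER PRIMARY KEY, title TEXT, secret INTEGER)")
    con.executemany("INSERT INTO posts(id, title, secret) VALUES (?, ?, ?)", POSTS)
    return con


def visible_post_unsafe(con, post_id):
    # Vulnerable: the untrusted value is pasted into the statement text. The
    # column is numeric, so the value is not quoted and quote-escaping would
    # not help; any SQL inside the value is parsed as SQL.
    sql = f"SELECT id, title FROM posts WHERE id = {post_id} AND secret = 0"
    return con.execute(sql).fetchall()


def visible_post_safe(con, post_id):
    # Parameterised: the driver passes the value out of band. It is compared
    # as data and never parsed as SQL, whatever characters it contains.
    sql = "SELECT id, title FROM posts WHERE id = ? AND secret = 0"
    return con.execute(sql, (post_id,)).fetchall()


def visible_post_typed(con, post_id):
    # Type enforcement at the boundary is the other half: an id is an integer,
    # so anything that is not one is rejected before a query is built.
    try:
        pid = int(post_id)
    except (TypeError, ValueError):
        return None
    return visible_post_safe(con, pid)


def previous_post_unsafe(con, offset):
    # Numbers are not automatically safe to interpolate either: offset -1
    # pasted after "-" yields "2--1", and "--" opens a comment that swallows
    # the rest of the statement, including the secret = 0 filter.
    sql = f"SELECT id, title FROM posts WHERE id = 2-{offset} AND secret = 0"
    return con.execute(sql).fetchall()


def previous_post_safe(con, offset):
    # With a placeholder the driver binds -1 as a value; 2-? evaluates to 3
    # and the secret filter still applies.
    sql = "SELECT id, title FROM posts WHERE id = 2-? AND secret = 0"
    return con.execute(sql, (offset,)).fetchall()
```

Run with `visible_post_unsafe(make_db(), "1 OR 1=1 --")` to see all three rows come back, including the two marked secret; the parameterised variant returns nothing for that input, and the typed variant refuses it outright.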
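CVE-2025-0823 (directory traversal via "dot dot" sequences in a URL) and CVE-2025-48940 (local file inclusion via a crafted parameter) are both failures to keep a user-supplied path inside an intended directory. Below is an added example of the containment check, not code from IBM or MyBB; the document root `/srv/app/public` is hypothetical and nothing is read from disk. It goes slightly beyond the entries by also handling percent-encoded and double-encoded `..`, embedded NUL bytes, and the prefix-collision mistake (`/srv/app/public2` passing as a child of `/srv/app/public`).

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for the demo.
BASE_DIR = "/srv/app/public"


def resolve_unsafe(base, user_path):
    # Vulnerable pattern: join and normalise, never check where you ended up.
    # "dot dot" segments simply walk out of base.
    return posixpath.normpath(posixpath.join(base, user_path))


def resolve_safe(base, user_path):
    """Return the absolute path for user_path inside base, or None if it escapes."""
    # Decode percent-encoding (twice, in case the request was double-encoded)
    # before inspecting the path, so "%2e%2e%2f" is not waved through.
    decoded = unquote(unquote(user_path))
    # A NUL byte can truncate the path in C-level file APIs; never accept it.
    if "\x00" in decoded:
        return None
    # Treat the user part as relative: an absolute user path would replace
    # base entirely in posixpath.join.
    relative = decoded.lstrip("/")
    candidate = posixpath.normpath(posixpath.join(base, relative))
    # Containment test. The trailing "/" matters: without it, a sibling
    # directory whose name merely starts with base would pass.
    root = base.rstrip("/")
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate
```

On a live server, apply `os.path.realpath` to both the base and the candidate before the prefix test as well, so that a symlink inside the document root cannot point back out of it; the example keeps to pure path arithmetic so it runs identically everywhere.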
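CVE-2025-4954 and CVE-2024-40695 are both unrestricted file upload: the server accepts whatever name and content the client sends, so a PHP file (or an executable dressed up as an image) lands where it can later be fetched or run. The example below is added here and is not code from Axle Themes or IBM; the magic-byte table, the filename policy and the sample payloads are all constructed for the demo. It checks the final extension against an allowlist, checks that the leading bytes match that type, refuses dotfiles such as `.htaccess`, and stores the file under a random name so the client never chooses the path.

```python
import re
import secrets

# Allowlisted extensions and the leading bytes each type must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",      # covers GIF87a and GIF89a
    ".pdf": b"%PDF-",
}
# Conservative filename policy: letters, digits, dot, dash, underscore only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")

PNG_MAGIC = ALLOWED[".png"]


def _basename(filename):
    # Drop any directory part the client supplied, on either separator.
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def validate_upload(filename, data):
    """Return (ok, reason). Only allowlisted types whose content matches pass."""
    name = _basename(filename)
    # Dotfiles are rejected explicitly: ".htaccess" matches the regex but can
    # change how the web server treats everything else in the directory.
    if not SAFE_NAME.fullmatch(name) or name.startswith("."):
        return False, "bad filename"
    # Only the final extension counts, so "shell.php.png" is judged as .png
    # and then has to look like a PNG.
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Defence in depth: an image or PDF never legitimately carries a PHP open
    # tag, so a polyglot with valid magic bytes is still refused.
    if b"<?php" in data or b"<?=" in data:
        return False, "embedded script"
    return True, "ok"


def stored_name(filename):
    """Name the stored file with a random token, keeping only the vetted extension."""
    name = _basename(filename)
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    return secrets.token_hex(16) + ext
```

Call `validate_upload` before writing anything to disk, and write only into a directory the web server is configured not to execute from; content checks reduce the attack surface but the execution policy is what makes a slipped-through file harmless.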
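CVE-2024-25047 describes injection into application logging: user-provided data written to a log unsanitised, so a value containing a line break forges extra entries that a reader or a SIEM will take as genuine. The block below is an added example and not IBM's code; the forged username and the log format are constructed for the demo. It shows the forged entry, a sanitiser that escapes CR, LF and other control bytes (including terminal escapes), and the structured-logging alternative where the value is a JSON string and cannot start a new record.

```python
import json
import re

# Every C0 control byte plus DEL; covers CR, LF, TAB and ESC (ANSI sequences).
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed attacker input: a username carrying a newline and a fake entry.
FORGED_USER = "bob\nlogin user=admin status=ok"


def log_line_unsafe(user, status):
    # Vulnerable: the value goes into the line as-is. A newline inside it
    # terminates this entry and starts a second, attacker-written one.
    return f"login user={user} status={status}"


def sanitize(value):
    """Escape control bytes so a logged value can never break out of its line."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), str(value))


def log_line_safe(user, status):
    return f"login user={sanitize(user)} status={status}"


def log_record_json(user, status):
    # Structured logging: json.dumps escapes the newline as "\n" inside the
    # string, so one record is always exactly one physical line and the
    # consumer recovers the original value intact.
    return json.dumps({"event": "login", "user": user, "status": status})


def count_entries(log_text):
    # What a naive line-oriented parser would count as separate entries.
    return len(log_text.splitlines())
```

A reader of the unsafe output sees a successful admin login that never happened; both fixes keep it inside the `user` field, and the JSON form additionally lets the analyst get the raw payload back for investigation.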
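The two Beta80 Life 1st entries are two sides of one authentication path: CVE-2025-26486 (a fast hash with a predictable salt, so stolen hashes are cheap to brute-force) and CVE-2025-26485 (different error messages for an unknown user and a wrong password, so the login form confirms which accounts exist). The example below is added here and is not Beta80's code; it uses a toy in-memory user store, and the weak scheme (MD5 over username plus password, the username doubling as the salt) is a generic illustration of the weakness classes named in the entry, not a description of the product's actual algorithm. The hardened version pairs a per-user random salt and PBKDF2 with a single uniform failure message and equal work for known and unknown users.

```python
import hashlib
import hmac
import os

# ---- Weak scheme: predictable salt, one cheap hash, revealing errors --------
WEAK_USERS = {}


def weak_register(username, password):
    # The "salt" is the username: predictable, so an attacker holding the
    # hash dump precomputes or brute-forces per account at MD5 speed.
    WEAK_USERS[username] = hashlib.md5((username + password).encode()).hexdigest()


def weak_login(username, password):
    if username not in WEAK_USERS:
        return "no such user"        # tells the attacker which names exist
    if WEAK_USERS[username] != hashlib.md5((username + password).encode()).hexdigest():
        return "wrong password"      # ...and which names have a real account
    return "ok"


def crack_weak(username, stored_hash, wordlist):
    # What the attacker with access to the hashes does: one MD5 per guess.
    for guess in wordlist:
        if hashlib.md5((username + guess).encode()).hexdigest() == stored_hash:
            return guess
    return None


# ---- Hardened scheme: random salt, slow KDF, uniform response ---------------
# Demo value; production should use far more iterations or a memory-hard KDF
# such as Argon2id or scrypt.
ITERATIONS = 100_000
USERS = {}


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username, password):
    salt = os.urandom(16)            # unique per user, stored beside the digest
    USERS[username] = (salt, _kdf(password, salt))


# A dummy record lets us do the same KDF work for unknown users, so timing
# does not distinguish "no such user" from "wrong password".
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = _kdf("dummy", _DUMMY_SALT)


def login(username, password):
    known = username in USERS
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_DIGEST))
    match = hmac.compare_digest(_kdf(password, salt), expected)
    # One message for every failure; "known" is checked so a guess of the
    # dummy password for an unknown user cannot succeed.
    return "ok" if (known and match) else "invalid credentials"
```

With the same password registered for two users, the hardened store holds two unrelated digests, and the only way to tell a wrong password from a non-existent user is the account owner's own knowledge; rate limiting and lockout still belong in front of this, since uniform errors do not stop online guessing on their own.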