Search Results (10792 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40630 | 1 Icewarp | 1 Mail Server | 2025-10-09 | 6.1 Medium |
| Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e”. This vulnerability has been tested in Firefox. | ||||
| CVE-2025-40631 | 1 Icewarp | 1 Mail Server | 2025-10-09 | 6.1 Medium |
| HTTP host header injection vulnerability in IceWarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected. | ||||
| CVE-2025-10091 | 1 Jinher | 1 Jinher Oa | 2025-10-09 | 7.3 High |
| A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to XML external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10092 | 1 Jinher | 1 Jinher Oa | 2025-10-09 | 7.3 High |
| A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in XML external entity reference. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-50420 | 1 Freedesktop | 1 Poppler | 2025-10-09 | 6.5 Medium |
| An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). | ||||
| CVE-2025-54310 | 1 Qbittorrent | 1 Qbittorrent | 2025-10-09 | 4 Medium |
| qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp. | ||||
| CVE-2025-51479 | 1 Onyx | 1 Onyx | 2025-10-09 | 5.4 Medium |
| Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks. | ||||
| CVE-2025-3027 | 1 Primekey | 1 Ejbca | 2025-10-09 | 6.1 Medium |
| The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks. | ||||
| CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2025-10-09 | 6.5 Medium |
| PowerShell Information Disclosure Vulnerability | ||||
| CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-10-08 | 6.5 Medium |
| Open Management Infrastructure Information Disclosure Vulnerability | ||||
| CVE-2025-20369 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-10-08 | 4.6 Medium |
| In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks. | ||||
| CVE-2025-11035 | 1 Jinher | 1 Jinher Oa | 2025-10-08 | 6.3 Medium |
| A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes XML external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-41091 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access calendar details using unauthorised internal identifiers. | ||||
| CVE-2025-41099 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 6.5 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access the list of permissions using unauthorised internal identifiers. | ||||
| CVE-2025-41098 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 7.5 High |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service. | ||||
| CVE-2025-41097 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic employee details using unauthorised internal identifiers. | ||||
| CVE-2025-41096 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access the dates of the current contract details using unauthorised internal identifiers. | ||||
| CVE-2025-41095 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access planning counter details using unauthorised internal identifiers. | ||||
| CVE-2025-41094 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access functional contract details using unauthorised internal identifiers. | ||||
| CVE-2025-41093 | 2 Boldworkplanner, Gps | 2 Bold Workplanner, Bold Workplanner | 2025-10-08 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic contract details using unauthorised internal identifiers. | ||||