Export limit exceeded: 10813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10813 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5936 | 1 Pribai | 1 Privategpt | 2025-07-17 | 6.1 Medium |
| An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-28168 | 1 Apache | 2 Formatting Objects Processor, Xml Graphics Fop | 2025-07-16 | 7.5 High |
| Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. | ||||
| CVE-2025-25282 | 1 Infiniflow | 1 Ragflow | 2025-07-16 | N/A |
| RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET /<tenant_id>/user/list), add user account to other tenant (POST /<tenant_id>/user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix. | ||||
| CVE-2024-9308 | 1 Hliu | 1 Llava | 2025-07-15 | N/A |
| An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2025-5450 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | 6.3 Medium |
| Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted. | ||||
| CVE-2025-7485 | 1 Open5gs | 1 Open5gs | 2025-07-15 | 3.3 Low |
| A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-11167 | 1 Librechat | 1 Librechat | 2025-07-15 | 5.3 Medium |
| An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user. | ||||
| CVE-2024-10366 | 1 Librechat | 1 Librechat | 2025-07-15 | 6.5 Medium |
| An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users. | ||||
| CVE-2024-28770 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2025-07-14 | 4.8 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2024-28771 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2025-07-14 | 4.8 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2024-10812 | 1 Binary-husky | 1 Gpt Academic | 2025-07-14 | N/A |
| An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing attacks, distribute malware, and steal user credentials. | ||||
| CVE-2025-27888 | 1 Apache | 1 Druid | 2025-07-14 | 5.4 Medium |
| Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue. | ||||
| CVE-2025-49539 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 4.5 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2025-49535 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 9.3 Critical |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2025-49544 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 6.8 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or bypass security measures. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2024-33619 | 1 Linux | 1 Linux Kernel | 2025-07-13 | 4.4 Medium |
| In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an uninitialized value to free_pool. Free priv.runtime_map only when it was allocated. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. | ||||
| CVE-2024-37158 | 1 Evmos | 1 Evmos | 2025-07-12 | 3.5 Low |
| Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0. | ||||
| CVE-2023-45599 | 1 Ailux | 1 Imx6 Bundle | 2025-07-12 | 5.5 Medium |
| A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
| CVE-2024-21499 | 1 Greenpau | 1 Caddy-security | 2025-07-12 | 4.3 Medium |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. | ||||
| CVE-2025-6691 | 1 Brainstormforce | 1 Sureforms | 2025-07-11 | 8.1 High |
| The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||