Export limit exceeded: 344013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54325 | 1 Linux | 1 Linux Kernel | 2025-12-31 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, the key size is rounded up by 16 since a rounded up size is expected by the device. If the key size is rounded up before the copy, the size used for copying the key might be bigger than the size of the region containing the key, causing an out-of-bounds read. Fix by doing the copy first and then update the keylen. This is to fix the following warning reported by KASAN: [ 138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat] [ 138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgr_test/2340 [ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45 [ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022 [ 138.150663] Call Trace: [ 138.150668] <TASK> [ 138.150922] kasan_check_range+0x13a/0x1c0 [ 138.150931] memcpy+0x1f/0x60 [ 138.150940] qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat] [ 138.151006] qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat] [ 138.151073] crypto_skcipher_setkey+0x82/0x160 [ 138.151085] ? prepare_keybuf+0xa2/0xd0 [ 138.151095] test_skcipher_vec_cfg+0x2b8/0x800 | ||||
| CVE-2025-15017 | 1 Moxa | 11 Nport 5000ai-m12 Series, Nport 5100 Series, Nport 5100a Series and 8 more | 2025-12-31 | N/A |
| A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified. | ||||
| CVE-2025-15227 | 1 Welltend | 1 Bpmflowwebkit | 2025-12-31 | 7.5 High |
| BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | ||||
| CVE-2025-15228 | 1 Welltend | 1 Bpmflowwebkit | 2025-12-31 | 9.8 Critical |
| BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2025-57460 | 1 Machsol | 1 Machpanel | 2025-12-31 | 9.8 Critical |
| File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell. | ||||
| CVE-2025-57462 | 1 Machsol | 1 Machpanel | 2025-12-31 | 6.1 Medium |
| Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file. | ||||
| CVE-2025-65442 | 1 Xxyopen | 1 Novel | 2025-12-31 | 6.1 Medium |
| DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage. The vulnerability arises from insufficient validation and encoding of user-controllable data in the book comment module: unfiltered user input is stored in the backend database (book_comment table, commentContent field) and returned via API, then rendered directly into the page DOM via Vue 3's v-html directive without sanitization. Even if modern browsers' built-in XSS filters block pop-up alerts, attackers can use concealed payloads to bypass interception and achieve actual harm. | ||||
| CVE-2025-65570 | 1 Jsish | 1 Jsish | 2025-12-31 | 9.8 Critical |
| A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout. | ||||
| CVE-2025-68929 | 1 Frappe | 1 Frappe | 2025-12-31 | 9.1 Critical |
| Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template being executed on the server, resulting in remote code execution. Versions 14.99.6 and 15.88.1 fix the issue. No known workarounds are available. | ||||
| CVE-2025-15086 | 1 Youlai | 1 Youlai-mall | 2025-12-31 | 4.3 Medium |
| A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15085 | 1 Youlai | 1 Youlai-mall | 2025-12-31 | 4.3 Medium |
| A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67163 | 1 Simplemachines | 3 Simple Machine Forum, Simple Machines Forum, Smf | 2025-12-31 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter. | ||||
| CVE-2025-15084 | 1 Youlai | 1 Youlai-mall | 2025-12-31 | 3.1 Low |
| A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14848 | 1 Advantech | 2 Webaccess/scada, Webaccess\/scada | 2025-12-31 | 4.3 Medium |
| Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files. | ||||
| CVE-2025-14849 | 1 Advantech | 2 Webaccess/scada, Webaccess\/scada | 2025-12-31 | 8.8 High |
| Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2025-14850 | 1 Advantech | 2 Webaccess/scada, Webaccess\/scada | 2025-12-31 | 8.1 High |
| Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files. | ||||
| CVE-2025-44998 | 1 Prasathmani | 1 Tiny File Manager | 2025-12-31 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter. | ||||
| CVE-2019-16790 | 1 Prasathmani | 1 Tiny File Manager | 2025-12-31 | 6.5 Medium |
| In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | ||||
| CVE-2020-12102 | 1 Prasathmani | 1 Tiny File Manager | 2025-12-31 | 7.7 High |
| In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). | ||||
| CVE-2020-12103 | 1 Prasathmani | 1 Tiny File Manager | 2025-12-31 | 7.7 High |
| In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. | ||||