Search Results (344061 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-15120 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 3.1 Low | A flaw has been found in JeecgBoot up to 3.9.0 in the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. Manipulation of the argument departId causes improper authorization. The attack can be carried out remotely but is of high complexity, and exploitation is considered difficult. An exploit has been published. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15121 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 2.4 Low | A vulnerability has been found in JeecgBoot up to 3.9.0 in the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15122 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 3.1 Low | A vulnerability was found in JeecgBoot up to 3.9.0 in the function loadDatarule of the file /sys/sysDepartRole/datarule/. Manipulation of the arguments departId and roleId results in improper authorization. The attack can be initiated remotely but is of high complexity, and exploitation is considered difficult. An exploit has been made public. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15123 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 3.1 Low | A vulnerability was determined in JeecgBoot up to 3.9.0 in an unknown function of the file /sys/sysDepartPermission/datarule/. Manipulation can lead to improper authorization. The attack can be launched remotely but is of high complexity, and exploitation is considered difficult. An exploit has been publicly disclosed. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15124 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 3.1 Low | A vulnerability was identified in JeecgBoot up to 3.9.0 in the function getParameterMap of the file /sys/sysDepartPermission/list. Manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely but is of high complexity, and exploitation is considered difficult. An exploit is publicly available. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15125 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 3.1 Low | A security flaw has been discovered in JeecgBoot up to 3.9.0 in the function queryDepartPermission of the file /sys/permission/queryDepartPermission. Manipulation of the argument departId results in improper authorization. The attack can be launched remotely but is of high complexity, and exploitation is considered difficult. An exploit has been released to the public. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-65828 | Meatmeet | Meatmeet, Meatmeet Pro Wifi & Bluetooth Meat Thermometer, Meatmeet Pro Wifi & Bluetooth Meat Thermometer Firmware | 2025-12-30 | 6.5 Medium | An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) that result in a denial of service: shutdown, restart, and clear config. Clear config disassociates the device from its user and requires re-configuration before the device can be used again. Until the device has been fixed or turned back on, the end user cannot receive updates from the Meatmeet base station, which is what communicates with the cloud services. |
| CVE-2025-65829 | Espressif, Meatmeet | Esp32, Meatmeet Pro Wifi & Bluetooth Meat Thermometer, Meatmeet Pro Wifi & Bluetooth Meat Thermometer Firmware | 2025-12-30 | 6.8 Medium | The ESP32 system on a chip (SoC) that powers the Meatmeet base station was found to lack Secure Boot. Secure Boot ensures that only authenticated software executes on the device by forming a chain of trust that verifies every mutable software component in the application startup flow. Without it, an attacker with physical access can flash modified firmware to the device, resulting in the execution of malicious code on startup. |
| CVE-2025-65830 | Meatmeet | Meatmeet, Meatmeet-pro | 2025-12-30 | 9.1 Critical | Due to a lack of certificate validation in the mobile application, all of its traffic can be intercepted. An adversary positioned "upstream" on the network path can decrypt the TLS traffic, inspect its contents, and modify requests in transit. This may result in total compromise of the user's account if the attacker intercepts a request carrying active authentication tokens or cracks the MD5 hash sent at login. |
| CVE-2025-65831 | Meatmeet | Meatmeet | 2025-12-30 | 7.5 High | The application hashes passwords with an insecure algorithm (MD5). An attacker who obtains a copy of these hashes, whether by exploiting the cloud services, by performing TLS downgrade attacks on the traffic from a mobile device, or by other means, may be able to crack them in a reasonable amount of time and gain unauthorized access to the victim's account. |
| CVE-2025-14958 | Floooh | Sokol | 2025-12-30 | 5.3 Medium | A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932 in the function _sg_pipeline_common_init of the library sokol_gfx.h. Manipulation results in a heap-based buffer overflow. The attack must be carried out locally. An exploit has been released to the public. This product uses a rolling release model, so specific affected or fixed version numbers are not available; the fix is commit 33e2271c431bf21de001e972f72da17a984da932, and applying it is suggested. |
| CVE-2025-14909 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 4.3 Medium | A weakness has been identified in JeecgBoot up to 3.9.0 in the class SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Manipulation allows an attacker to manage other users' sessions. The attack can be launched remotely. An exploit has been made available to the public. The fix is commit b686f9fbd1917edffe5922c6362c817a9361cfbd; applying it is advised. |
| CVE-2025-14908 | Jeecg | Jeecg Boot, Jeecgboot | 2025-12-30 | 6.3 Medium | A security flaw has been discovered in JeecgBoot up to 3.9.0 in an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the Multi-Tenant Management Module. Manipulation of the argument ID results in improper authentication. The attack can be initiated remotely. An exploit has been released to the public. The fix is in commits e1c8f00bf2a2e0edddbaa8119afe1dc92d9dc1d2 and 67795493bdc579e489d3ab12e52a1793c4f8a0ee; applying the patch is recommended. |
| CVE-2025-67461 | Apple, Zoom | Macos, Rooms, Zoom | 2025-12-30 | 5 Medium | External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to disclose information via local access. |
| CVE-2025-56401 | Zira, Ziragroup | Wbrm, Wbrm | 2025-12-30 | 7.6 High | ZIRA Group WBRM 7.0 is vulnerable to SQL injection in referenceLookupsByTableNameAndColumnName. |
| CVE-2025-14961 | Code-projects, Fabian | Simple Blood Donor Management System, Simple Blood Donor Management System | 2025-12-30 | 7.3 High | A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0 in an unknown function of the file /editedcampaign.php. Manipulation of the argument campaignname results in SQL injection. The attack can be executed remotely. An exploit is public. |
| CVE-2025-63952 | Magewell | Convert, Pro Convert 12g Sdi 4k Plus, Pro Convert 12g Sdi 4k Plus Firmware, and 24 more (27 total) | 2025-12-30 | 5.7 Medium | A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to create arbitrary accounts via a crafted GET request. |
| CVE-2025-63953 | Magewell | Convert, Ultra Encode Aio, Ultra Encode Aio Firmware, and 8 more (11 total) | 2025-12-30 | 6.5 Medium | A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to create arbitrary accounts via a crafted GET request. |
| CVE-2025-14960 | Code-projects, Fabian | Simple Blood Donor Management System, Simple Blood Donor Management System | 2025-12-30 | 7.3 High | A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0 in an unknown function of the file /editeddonor.php. Manipulation of the argument Name leads to SQL injection. Remote exploitation is possible. An exploit has been disclosed publicly. |
| CVE-2025-63958 | Millensys | Vision Tools Workspace | 2025-12-30 | 9.8 Critical | MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) without authentication. The page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by requesting the endpoint directly, potentially leading to full system compromise. The root cause is missing access control on a privileged administrative function. |
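The JeecgBoot entries CVE-2025-15120 through CVE-2025-15125 share one pattern: an authenticated endpoint takes a departId from the request and returns that department's roles or permissions without checking that the caller may see that department. The following is an added illustration of the missing object-level check, written for this page; it is not JeecgBoot code and does not show the project's actual fix. The tenant model, user type, department and role tables, and the function names are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class User:
    username: str
    tenant_id: int                 # comes from the authenticated session, never the request
    is_platform_admin: bool = False


class Forbidden(Exception):
    """Raised (and mapped to 403 or 404) when the caller may not see the resource."""


# Constructed data: departId -> owning tenant, and departId -> roles.
DEPARTMENTS: Dict[int, int] = {101: 1, 102: 1, 201: 2}
DEPT_ROLES: Dict[int, List[str]] = {
    101: ["sales_rep"],
    102: ["ops_lead", "ops_agent"],
    201: ["engineer", "release_manager"],
}


def get_dept_role_list_vulnerable(user: User, depart_id: int) -> List[str]:
    """Authenticates the caller but trusts departId from the query string:
    any logged-in user can walk the id space and read every tenant's roles."""
    return DEPT_ROLES.get(depart_id, [])


def get_dept_role_list(user: User, depart_id: int) -> List[str]:
    """Object-level authorization: the department must belong to the caller's
    tenant unless the caller is a platform admin. Unknown and foreign ids get
    the same error so the response does not confirm which ids exist."""
    owner_tenant = DEPARTMENTS.get(depart_id)
    if owner_tenant is None:
        raise Forbidden(f"departId {depart_id}")
    if not user.is_platform_admin and owner_tenant != user.tenant_id:
        raise Forbidden(f"departId {depart_id}")
    return DEPT_ROLES.get(depart_id, [])


def try_get_dept_role_list(user: User, depart_id: int) -> Optional[List[str]]:
    """Convenience wrapper: None where the handler would return 403/404."""
    try:
        return get_dept_role_list(user, depart_id)
    except Forbidden:
        return None


def is_cross_tenant_probe(user: User, depart_id: int) -> bool:
    """Detection hook for access logs: a request for a department outside the
    caller's tenant is the signature of an IDOR sweep, whether or not it succeeded."""
    owner_tenant = DEPARTMENTS.get(depart_id)
    return (owner_tenant is not None
            and owner_tenant != user.tenant_id
            and not user.is_platform_admin)


if __name__ == "__main__":
    alice = User("alice", tenant_id=1)
    print("vulnerable, foreign dept:", get_dept_role_list_vulnerable(alice, 201))
    print("fixed, own dept:", try_get_dept_role_list(alice, 101))
    print("fixed, foreign dept:", try_get_dept_role_list(alice, 201))
    print("probe flagged:", is_cross_tenant_probe(alice, 201))
```

The check is deliberately placed next to the data lookup rather than in a route-level role filter: the advisories describe users who are allowed to call the endpoint but not allowed to see the object they asked for, which a "is the user logged in" or "does the user have role X" guard cannot express.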
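CVE-2025-65830 and CVE-2025-65831 compound each other: the mobile app does not validate the server certificate, and the credential it sends at login is an MD5 hash. The example below, added here and not taken from the Meatmeet app or its advisory, makes both consequences concrete. It assumes a legacy scheme in which the client sends hex(MD5(password)) and the server stores and compares that same digest; that assumption, the wordlist, and the PBKDF2 replacement are all constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed wordlist standing in for a real password dictionary.
WORDLIST = ["123456", "password", "grillmaster", "brisket2024", "letmein"]


def legacy_login_digest(password: str) -> str:
    """Assumed legacy scheme: the client sends hex(MD5(password)) at login and
    the server stores the same digest, so the digest itself is the credential."""
    return hashlib.md5(password.encode()).hexdigest()


def replay_is_enough(intercepted_digest: str, stored_digest: str) -> bool:
    """With certificate validation off, the MITM sees the digest in clear and
    can replay it; the server's comparison passes without any cracking."""
    return hmac.compare_digest(intercepted_digest, stored_digest)


def crack_md5(digest_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack on an unsalted MD5 digest: one cheap hash per
    guess and no salt, so one precomputed table covers every account."""
    for candidate in wordlist:
        if hmac.compare_digest(legacy_login_digest(candidate), digest_hex):
            return candidate
    return None


# Replacement: server-side salted, iterated hash over the real password.
PBKDF2_ITERATIONS = 600_000  # OWASP (2023) minimum for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash record")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def crack_pbkdf2(record: str, wordlist: Iterable[str]) -> Optional[str]:
    """The same dictionary attack against the salted record: each guess now
    costs `iterations` HMAC evaluations and the salt rules out shared tables.
    A password that is in the wordlist still falls; the defence is cost, not magic."""
    for candidate in wordlist:
        if verify_password(candidate, record):
            return candidate
    return None


if __name__ == "__main__":
    captured = legacy_login_digest("brisket2024")   # what the MITM sees at login
    print("replay works:", replay_is_enough(captured, captured))
    print("md5 cracked to:", crack_md5(captured, WORDLIST))
    record = hash_password("brisket2024")
    print("pbkdf2 record:", record[:40] + "...")
    print("pbkdf2 cracked to:", crack_pbkdf2(record, WORDLIST))
```

Two points the advisories state in one sentence each are visible here: replaying the captured digest is enough on its own, so fixing certificate validation (pinning or at least default validation) is what closes CVE-2025-65830, and moving the hash server-side with a salt and a high iteration count is what makes the stolen-hash scenario of CVE-2025-65831 expensive instead of instant.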
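CVE-2025-14961 and CVE-2025-14960 are the same bug in two files of the Simple Blood Donor Management System: a request parameter (campaignname in /editedcampaign.php, Name in /editeddonor.php) is spliced into an UPDATE statement. The PHP source is not on this page, so the following added example reconstructs the bug class in Python with sqlite3 rather than reproducing the application's code; the table schema, the query shape, and the payload are constructed for the demonstration.

```python
import sqlite3
from typing import List, Tuple

# Constructed schema standing in for the application's campaign table.
SCHEMA = """
CREATE TABLE campaign (id INTEGER PRIMARY KEY, campaignname TEXT NOT NULL, owner TEXT NOT NULL);
INSERT INTO campaign VALUES (1, 'Spring Drive', 'alice');
INSERT INTO campaign VALUES (2, 'Summer Drive', 'bob');
"""

# A value for the campaignname parameter that closes the string literal, adds a
# second SET clause, neutralises the WHERE, and comments out the rest.
PAYLOAD = "Pwned', owner = 'attacker' WHERE 1=1 --"


def fresh_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def edit_campaign_vulnerable(db: sqlite3.Connection, campaign_id: int, campaignname: str) -> int:
    """Query text assembled from the request parameter, the pattern behind
    'manipulation of the argument campaignname results in sql injection'.
    Returns the number of rows the UPDATE touched."""
    sql = (f"UPDATE campaign SET campaignname = '{campaignname}' "
           f"WHERE id = {campaign_id}")
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount


def edit_campaign_safe(db: sqlite3.Connection, campaign_id: int, campaignname: str) -> int:
    """Parameterised statement: the value is bound by the driver and is never
    parsed as SQL, so the payload is stored as an ordinary (odd) name."""
    cur = db.execute("UPDATE campaign SET campaignname = ? WHERE id = ?",
                     (campaignname, campaign_id))
    db.commit()
    return cur.rowcount


def rows(db: sqlite3.Connection) -> List[Tuple[int, str, str]]:
    return list(db.execute("SELECT id, campaignname, owner FROM campaign ORDER BY id"))


if __name__ == "__main__":
    db = fresh_db()
    print("vulnerable rowcount:", edit_campaign_vulnerable(db, 1, PAYLOAD), rows(db))
    db = fresh_db()
    print("safe rowcount:", edit_campaign_safe(db, 1, PAYLOAD), rows(db))
```

The rowcount is the telling number: the intended edit touches one row, the injected one touches every row and rewrites a column the form never exposed. The same bound-parameter fix applies to the Name argument of /editeddonor.php.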
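CVE-2025-63952 and CVE-2025-63953 describe account creation on /mwapi and /usapi that succeeds from a plain GET, so a link or image tag on any page creates a user in the browser of a logged-in administrator. The validator below is an added example of the checks that defeat that request, written for this page and not taken from Magewell firmware. It assumes a cookie-authenticated web UI at a hypothetical origin, a per-session CSRF token, and name/password parameters on add-user; only the endpoint and method=add-user come from the advisories, the other state-changing method names are assumed.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://converter.example"   # hypothetical device web-UI origin
# Methods that change state. Only add-user appears in the advisory; the rest
# are assumed for illustration.
STATE_CHANGING = {"add-user", "del-user", "set-password"}


@dataclass
class Request:
    method: str                                   # HTTP verb
    url: str                                      # e.g. /mwapi?method=add-user&...
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)      # POST body fields
    session_token: Optional[str] = None           # CSRF token bound to the cookie session


def api_method(req: Request) -> Optional[str]:
    return parse_qs(urlsplit(req.url).query).get("method", [None])[0]


def same_origin(header_value: str) -> bool:
    p = urlsplit(header_value)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def legacy_verdict(req: Request) -> bool:
    """Vulnerable behaviour: any request carrying the session cookie is honoured,
    whatever the verb and wherever the browser was sent from."""
    return "Cookie" in req.headers


def csrf_verdict(req: Request) -> Tuple[bool, str]:
    """Hardened check. Returns (allowed, reason) so rejections can be logged."""
    if api_method(req) not in STATE_CHANGING:
        return True, "read-only method"
    if req.method != "POST":
        return False, "state change via GET (link, img tag, redirect) rejected"
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if origin is None:
        return False, "no Origin/Referer on state-changing request"
    if not same_origin(origin):
        return False, "cross-site request from " + origin
    token = req.form.get("csrf_token")
    if (token is None or req.session_token is None
            or not hmac.compare_digest(token, req.session_token)):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed requests: the forgery from the advisory and a legitimate submit.
FORGED_GET = Request("GET", "/mwapi?method=add-user&name=backdoor&password=x",
                     headers={"Cookie": "sid=abc",
                              "Referer": "https://evil.example/lure.html"})
LEGIT_POST = Request("POST", "/mwapi?method=add-user",
                     headers={"Cookie": "sid=abc", "Origin": SITE_ORIGIN},
                     form={"name": "operator", "password": "x", "csrf_token": "t0k3n"},
                     session_token="t0k3n")

if __name__ == "__main__":
    print("legacy accepts forgery:", legacy_verdict(FORGED_GET))
    print("hardened on forgery:", csrf_verdict(FORGED_GET))
    print("hardened on legit:", csrf_verdict(LEGIT_POST))
```

The three checks are layered on purpose: refusing GET for state changes kills the img-tag and link vectors outright, the Origin/Referer comparison catches cross-site POSTs from forms, and the session-bound token covers the cases where those headers are stripped. Marking the session cookie SameSite=Lax (or Strict) on the device side is a fourth, cheaper layer that the example does not model because it lives in the cookie rather than the request.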