Export limit exceeded: 25183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32044 | 1 Moodle | 1 Moodle | 2025-06-24 | 7.5 High |
| A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | ||||
| CVE-2020-3525 | 1 Cisco | 1 Identity Services Engine | 2025-06-24 | 4.3 Medium |
| A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-27399 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | 5.3 Medium |
| Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue. | ||||
| CVE-2023-51142 | 1 Zkteco | 1 Biotime | 2025-06-24 | 7.5 High |
| An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | ||||
| CVE-2021-1470 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-06-24 | 4.9 Medium |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | ||||
| CVE-2024-56738 | 1 Gnu | 1 Grub2 | 2025-06-24 | 5.3 Medium |
| GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. | ||||
| CVE-2025-26413 | 1 Apache | 1 Kvrocks | 2025-06-23 | 7.5 High |
| Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | ||||
| CVE-2024-21206 | 1 Oracle | 1 Enterprise Command Center Framework | 2025-06-23 | 4.3 Medium |
| Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | 5.3 Medium |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | ||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-47355 | 1 Eyuepcanyilmaz | 1 Root Quick Reboot | 2025-06-20 | 7.5 High |
| The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | ||||
| CVE-2023-43997 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43996 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43995 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2024-0751 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 8.8 High |
| A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0746 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-20 | 6.5 Medium |
| A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2023-48354 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | 5.5 Medium |
| In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2020-36771 | 1 Cloudlinux | 1 Cagefs | 2025-06-20 | 7.8 High |
| CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | ||||