Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33013 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-22 | 6.2 Medium |
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release. | ||||
| CVE-2025-9238 | 2025-08-22 | 7.3 High | ||
| A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6183 | 2 Apple, Strongdm | 2 Macos, Sdm-cli | 2025-08-22 | N/A |
| The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message. | ||||
| CVE-2025-6181 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-22 | N/A |
| The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation. | ||||
| CVE-2025-6180 | 1 Strongdm | 1 Sdm-cli | 2025-08-22 | N/A |
| The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition. | ||||
| CVE-2025-6182 | 2 Microsoft, Strongdm | 2 Windows, Sdm-cli | 2025-08-22 | N/A |
| The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones. | ||||
| CVE-2025-57753 | 2025-08-22 | 6.5 Medium | ||
| vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2. | ||||
| CVE-2025-55751 | 2025-08-22 | N/A | ||
| OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements jwt signing for the redirect url parameter. | ||||
| CVE-2025-55383 | 2025-08-22 | 8.6 High | ||
| Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server. | ||||
| CVE-2024-50640 | 2025-08-22 | 9.8 Critical | ||
| jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function | ||||
| CVE-2024-57154 | 2025-08-22 | 9.8 Critical | ||
| Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index. | ||||
| CVE-2024-57157 | 2025-08-22 | 9.8 Critical | ||
| Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token. | ||||
| CVE-2024-57491 | 2025-08-22 | 8.8 High | ||
| Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function. | ||||
| CVE-2025-20131 | 1 Cisco | 1 Identity Services Engine Software | 2025-08-22 | 4.9 Medium |
| A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload using the Cisco ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system. | ||||
| CVE-2025-27216 | 2025-08-22 | 8.8 High | ||
| Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. | ||||
| CVE-2025-27213 | 2025-08-22 | 4.9 Medium | ||
| An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.9.301 and earlier) UniFi Connect Display Cast Pro (Version 1.0.78 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later Update UniFi Connect Display to Version 1.13.6 or later Update UniFi Connect Display Cast to Version 1.10.3 or later Update UniFi Connect Display Cast Pro to Version 1.0.83 or later Update UniFi Connect Display Cast Lite to Version 1.1.3 or later | ||||
| CVE-2025-27214 | 2025-08-22 | 9.8 Critical | ||
| A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later | ||||
| CVE-2025-27215 | 2025-08-22 | 8.1 High | ||
| An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later | ||||
| CVE-2025-27217 | 2025-08-22 | 9.1 Critical | ||
| A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope. | ||||
| CVE-2025-36530 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 6.8 Medium |
| Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions. | ||||