Export limit exceeded: 343974 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343974 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53642 | 2 Haxtheweb, Psu | 4 Haxcms-nodejs, Haxcms-php, Haxcms-nodejs and 1 more | 2025-08-22 | 4.8 Medium |
| haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6. | ||||
| CVE-2024-13201 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 4.7 Medium |
| A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13202 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 2.4 Low |
| A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0333 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0334 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.3 Medium |
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0344 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.3 Medium |
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0345 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.3 Medium |
| A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45061 | 1 Observium | 1 Observium | 2025-08-22 | 8.7 High |
| A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | ||||
| CVE-2024-47002 | 1 Observium | 1 Observium | 2025-08-22 | 8.7 High |
| A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker. | ||||
| CVE-2025-22129 | 1 Enalean | 1 Tuleap | 2025-08-22 | 4.3 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-47140 | 1 Observium | 1 Observium | 2025-08-22 | 8.7 High |
| A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | ||||
| CVE-2024-52599 | 1 Enalean | 1 Tuleap | 2025-08-22 | 5.4 Medium |
| Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix. | ||||
| CVE-2025-50738 | 1 Usememos | 1 Memos | 2025-08-22 | 9.8 Critical |
| The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking. | ||||
| CVE-2021-32025 | 1 Blackberry | 4 Qnx Momentics, Qnx Os For Medical, Qnx Os For Safety and 1 more | 2025-08-22 | 8.1 High |
| An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. | ||||
| CVE-2021-22156 | 1 Blackberry | 3 Qnx Os For Medical, Qnx Os For Safety, Qnx Software Development Platform | 2025-08-22 | 9 Critical |
| An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code. | ||||
| CVE-2020-6932 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-08-22 | 10 Critical |
| An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. | ||||
| CVE-2019-8998 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-08-22 | 7.8 High |
| An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. | ||||
| CVE-2024-29072 | 3 Foxit, Foxitsoftware, Microsoft | 4 Pdf Editor, Pdf Reader, Foxit Reader and 1 more | 2025-08-22 | 8.2 High |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | ||||
| CVE-2025-24798 | 1 Meshtastic | 2 Firmware, Meshtastic Firmware | 2025-08-22 | 4.3 Medium |
| Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2. | ||||
| CVE-2025-53637 | 1 Meshtastic | 2 Firmware, Meshtastic Firmware | 2025-08-22 | 4.1 Medium |
| Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part, user-controlled input is interpolated unsafely into the code. If this were to be exploited, attackers could inject unauthorized code into the repository. This vulnerability is fixed in 2.6.6. | ||||