Export limit exceeded: 343535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343535 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8932 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 7.3 High |
| A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8770 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers. | ||||
| CVE-2025-7739 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions. | ||||
| CVE-2025-7734 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. | ||||
| CVE-2025-6186 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. | ||||
| CVE-2025-2937 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature. | ||||
| CVE-2025-2614 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed. | ||||
| CVE-2025-1051 | 1 Sonos | 2 Era 300, Era 300 Firmware | 2025-08-15 | N/A |
| Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865. | ||||
| CVE-2025-2498 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 3.1 Low |
| An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. | ||||
| CVE-2025-1477 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. | ||||
| CVE-2024-12303 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.7 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role. | ||||
| CVE-2025-47950 | 1 Coredns.io | 1 Coredns | 2025-08-15 | 7.5 High |
| CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies. | ||||
| CVE-2025-36605 | 1 Dell | 1 Unity Operating Environment | 2025-08-15 | 6.1 Medium |
| Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2025-51390 | 1 Totolink | 2 N600r, N600r Firmware | 2025-08-15 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. | ||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2025-08-15 | 5.4 Medium |
| Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. | ||||
| CVE-2025-52237 | 1 Sscms | 1 Sscms | 2025-08-15 | 6.5 Medium |
| An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. | ||||
| CVE-2025-21018 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 4.4 Medium |
| Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. | ||||
| CVE-2025-21019 | 1 Samsung | 1 Health | 2025-08-15 | 5.5 Medium |
| Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-49556 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | 7.5 High |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. | ||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | 7.5 High |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | ||||