Export limit exceeded: 342070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342070 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-20112 | 2025-06-30 | 3.4 Low | ||
| RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network. | ||||
| CVE-2023-28910 | 2025-06-30 | 8 High | ||
| A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2023-28911 | 2025-06-30 | 6.5 Medium | ||
| A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2023-28912 | 2025-06-30 | 5.7 Medium | ||
| The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2023-29113 | 2025-06-30 | 6.3 Medium | ||
| The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2024-11739 | 2025-06-30 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1. | ||||
| CVE-2024-12915 | 2025-06-30 | 4.6 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02. | ||||
| CVE-2025-24289 | 2025-06-30 | N/A | ||
| A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default. | ||||
| CVE-2025-24290 | 2025-06-30 | N/A | ||
| Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. | ||||
| CVE-2025-40710 | 2025-06-30 | N/A | ||
| Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests. | ||||
| CVE-2025-41439 | 2025-06-30 | N/A | ||
| A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. | ||||
| CVE-2025-4407 | 2025-06-30 | 6.7 Medium | ||
| Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1. | ||||
| CVE-2024-22059 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | N/A |
| A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | ||||
| CVE-2024-22060 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | 4.9 Medium |
| An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | ||||
| CVE-2024-4750 | 1 Buddyboss | 1 Buddyboss | 2025-06-30 | 5.3 Medium |
| The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request | ||||
| CVE-2023-34001 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-06-30 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25. | ||||
| CVE-2024-27264 | 1 Ibm | 1 I | 2025-06-30 | 7.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | ||||
| CVE-2024-31634 | 1 Xunruicms | 1 Xunruicms | 2025-06-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | ||||
| CVE-2024-4456 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-06-30 | 4.1 Medium |
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | ||||
| CVE-2024-2697 | 1 Swiftideas | 1 Swift Framework | 2025-06-30 | 6.5 Medium |
| The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||