Search

Search Results (367109 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69207 1 Khoj 1 Khoj 2026-02-27 5.4 Medium
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
CVE-2025-64712 2 Unstructured, Unstructured-io 2 Unstructured, Unstructured 2026-02-27 9.8 Critical
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.
CVE-2026-27583 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27582 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27581 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27580 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27573 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27501 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27500 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27201 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2026-27200 2026-02-27 N/A
Further research determined the situation described is not a vulnerability.
CVE-2025-33179 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33180 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 8 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-33181 1 Nvidia 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more 2026-02-27 7.3 High
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-61684 2 H20, H2o 2 Quickly, Quicly 2026-02-27 7.5 High
Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue.
CVE-2025-67445 1 Totolink 2 X5000r, X5000r Firmware 2026-02-27 6.5 Medium
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.
CVE-2025-0976 3 Hitachi, Linux, Microsoft 4 Configuration Manager, Ops Center Api Configuration Manager, Linux Kernel and 1 more 2026-02-27 4.7 Medium
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
CVE-2023-5769 1 Hitachienergy 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more 2026-02-27 5.4 Medium
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized.
CVE-2025-50180 2 Esm, Esm-dev 2 Esm.sh, Esmsh 2026-02-27 7.5 High
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
CVE-2025-69929 1 N3uron 1 Web User Interface 2026-02-27 9.8 Critical
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format