Export limit exceeded: 364541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64709 1 Typebot 1 Typebot 2026-01-30 9.6 Critical
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 protection through custom header injection, attackers can extract temporary AWS IAM credentials for the EKS node role, leading to complete compromise of the Kubernetes cluster and associated AWS infrastructure. Version 3.13.1 fixes the issue.
CVE-2025-64706 1 Typebot 1 Typebot 2026-01-30 5 Medium
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.
CVE-2024-30264 1 Typebot 1 Typebot 2026-01-30 8.1 High
Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue.
CVE-2025-13925 1 Ibm 1 Aspera Console 2026-01-30 4.9 Medium
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
CVE-2026-25097 2026-01-30 N/A
Not used
CVE-2026-25096 2026-01-30 N/A
Not used
CVE-2026-25095 2026-01-30 N/A
Not used
CVE-2026-25094 2026-01-30 N/A
Not used
CVE-2026-25093 2026-01-30 N/A
Not used
CVE-2026-25092 2026-01-30 N/A
Not used
CVE-2026-25091 2026-01-30 N/A
Not used
CVE-2026-25090 2026-01-30 N/A
Not used
CVE-2025-54942 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
CVE-2023-4822 2 Grafana, Redhat 3 Grafana, Grafana Enterprise, Ceph Storage 2026-01-30 6.7 Medium
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVE-2025-54946 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
CVE-2025-54945 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
CVE-2025-54944 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
CVE-2025-54943 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
CVE-2025-67158 1 Revotech 2 I6032w-fhw, I6032w-fhw Firmware 2026-01-30 7.5 High
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVE-2025-67159 1 Vatilon 2 Pa4, Pa4 Firmware 2026-01-30 7.5 High
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.