Search
Search Results (364838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36881 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2025-12-10 | 7.8 High |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field. | ||||
| CVE-2020-36882 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2025-12-10 | 7.5 High |
| Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application. | ||||
| CVE-2025-66570 | 1 Yhirose | 1 Cpp-httplib | 2025-12-10 | 10 Critical |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0. | ||||
| CVE-2025-66550 | 1 Nextcloud | 1 Calendar | 2025-12-10 | 5.7 Medium |
| Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4. | ||||
| CVE-2022-36127 | 1 Apache | 1 Skywalking Nodejs Agent | 2025-12-10 | 7.5 High |
| A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. | ||||
| CVE-2021-47147 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 6.2 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function. | ||||
| CVE-2025-67613 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67612 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67611 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67610 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67609 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67608 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67607 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67606 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67605 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67503 | 2025-12-10 | N/A | ||
| This CVE is a duplicate of another CVE. | ||||
| CVE-2024-30105 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38095 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38156 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-09 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-38103 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-09 | 5.9 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||