Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53896 2 Accellion, Kiteworks 2 Kiteworks Managed File Transfer, Mft 2025-12-03 7.1 High
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.
CVE-2023-0661 1 Devolutions 1 Devolutions Server 2025-12-03 6.5 Medium
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
CVE-2025-13757 1 Devolutions 1 Devolutions Server 2025-12-03 8.8 High
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.
CVE-2025-7915 1 Chanjet 1 Chanjet Crm 2025-12-03 7.3 High
A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11619 1 Devolutions 1 Devolutions Server 2025-12-03 8.8 High
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackersĀ in MitM position to intercept traffic.
CVE-2025-13765 1 Devolutions 1 Devolutions Server 2025-12-03 4.3 Medium
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
CVE-2025-13758 1 Devolutions 1 Devolutions Server 2025-12-03 3.5 Low
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
CVE-2024-9358 1 Thingsboard 1 Thingsboard 2025-12-03 5.3 Medium
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024.
CVE-2025-9094 1 Thingsboard 1 Thingsboard 2025-12-03 4.3 Medium
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
CVE-2024-7096 1 Wso2 7 Api Manager, Enterprise Mobility Manager, Identity Server and 4 more 2025-12-03 4.2 Medium
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are accessible to the attacker. * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration. * At least one custom role exists with non-default permissions. * The attacker has knowledge of the custom role and the internal attribute used in the deployment. Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.
CVE-2022-40023 3 Debian, Redhat, Sqlalchemy 3 Debian Linux, Enterprise Linux, Mako 2025-12-03 7.5 High
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
CVE-2021-3448 4 Fedoraproject, Oracle, Redhat and 1 more 4 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Enterprise Linux and 1 more 2025-12-03 4 Medium
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
CVE-2021-3517 6 Debian, Fedoraproject, Netapp and 3 more 30 Debian Linux, Fedora, Active Iq Unified Manager and 27 more 2025-12-02 8.6 High
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
CVE-2021-39260 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
CVE-2021-39259 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
CVE-2021-39258 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
CVE-2021-39256 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
CVE-2021-39255 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2025-12-02 6.7 Medium
A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.
CVE-2021-39254 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
CVE-2021-39253 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2025-12-02 6.7 Medium
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.