Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366369 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-43737 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter.
CVE-2025-67741 1 Jetbrains 1 Teamcity 2025-12-15 4.8 Medium
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVE-2025-67742 1 Jetbrains 1 Teamcity 2025-12-15 3.8 Low
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVE-2025-43745 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 6.5 Medium
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to performs cross-origin request on behalf of the authenticated user via the endpoint parameter.
CVE-2025-43743 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 4.3 Medium
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, given an attacker the possibility to send phishing to these users.
CVE-2025-43744 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding.
CVE-2024-43187 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2025-12-15 5.9 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2024-45657 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2025-12-15 5 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVE-2024-45659 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2025-12-15 5.3 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-40700 1 Ibm 2 Security Verify Access, Security Verify Access Docker 2025-12-15 6.1 Medium
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-56129 1 Ruijie 2 Rg-bcr860, Rg-bcr860 Firmware 2025-12-15 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.
CVE-2024-42936 1 Ruijie 2 Reyee Os, Rg-ew300n 2025-12-15 9.8 Critical
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
CVE-2025-43741 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScrip in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter
CVE-2025-43753 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.
CVE-2025-14528 1 Dlink 2 Dir-803, Dir-803 Firmware 2025-12-15 5.3 Medium
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-65472 1 Easyimages2.0 Project 1 Easyimages2.0 2025-12-15 8.8 High
A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.
CVE-2025-65473 1 Easyimages2.0 Project 1 Easyimages2.0 2025-12-15 9.1 Critical
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.
CVE-2025-36354 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 7.3 High
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
CVE-2025-36355 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 8.5 High
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
CVE-2025-36356 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 9.3 Critical
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.