Search

Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-65497 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65498 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65499 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
CVE-2025-65500 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65501 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
CVE-2025-60632 1 Free5gc 1 Free5gc 2025-12-01 6.5 Medium
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
CVE-2025-60633 1 Free5gc 1 Free5gc 2025-12-01 6.5 Medium
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVE-2025-63601 1 Snipeitapp 1 Snipe-it 2025-12-01 9.9 Critical
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
CVE-2025-45778 1 Languagesloth 1 The Language Sloth 2025-12-01 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
CVE-2020-13956 5 Apache, Netapp, Oracle and 2 more 27 Httpclient, Active Iq Unified Manager, Snapcenter and 24 more 2025-12-01 5.3 Medium
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2025-60638 1 Free5gc 1 Free5gc 2025-12-01 7.5 High
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
CVE-2025-36112 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-12-01 5.3 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
CVE-2025-64048 1 Yccms 1 Yccms 2025-12-01 6.1 Medium
YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.
CVE-2025-36150 1 Ibm 1 Concert 2025-12-01 5.9 Medium
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-62497 1 Sony 2 Snc-cx600w, Snc-cx600w Firmware 2025-12-01 6.5 Medium
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
CVE-2025-11794 1 Mattermost 2 Mattermost, Mattermost Server 2025-12-01 4.9 Medium
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint
CVE-2025-58423 1 Advantech 2 Deviceon/iedge, Deviceon\/iedge 2025-12-01 8.8 High
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.
CVE-2025-64730 1 Sony 2 Snc-cx600w, Snc-cx600w Firmware 2025-12-01 6.1 Medium
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.
CVE-2025-13265 1 Lsfusion 2 Lsfusion Platform, Platform 2025-12-01 6.3 Medium
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
CVE-2025-13262 1 Lsfusion 2 Lsfusion Platform, Platform 2025-12-01 7.3 High
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.