Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63721 1 Hummerrisk 1 Hummerrisk 2025-12-11 9.8 Critical
HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.
CVE-2025-59390 1 Apache 1 Druid 2025-12-11 9.8 Critical
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a crypto-graphically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to a incorrectly configured clusters. Users are advised to configure a strong `druid.auth.authenticator.kerberos.cookieSignatureSecret` This issue affects Apache Druid: through 34.0.0. Users are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the Kerberos authenticator. Services will fail to come up if the secret is not set.
CVE-2021-4156 3 Debian, Libsndfile Project, Redhat 3 Debian Linux, Libsndfile, Enterprise Linux 2025-12-11 7.1 High
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
CVE-2023-7096 1 Carmelogarcia 1 Faculty Management System 2025-12-11 4.7 Medium
A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2025-67694 2025-12-11 N/A
Not used
CVE-2025-67693 2025-12-11 N/A
Not used
CVE-2025-67692 2025-12-11 N/A
Not used
CVE-2025-67691 2025-12-11 N/A
Not used
CVE-2025-67690 2025-12-11 N/A
Not used
CVE-2025-67689 2025-12-11 N/A
Not used
CVE-2025-67688 2025-12-11 N/A
Not used
CVE-2025-67687 2025-12-11 N/A
Not used
CVE-2025-67686 2025-12-11 N/A
Not used
CVE-2025-67514 2025-12-11 N/A
Vulnerability is dependency-based.
CVE-2025-67512 2025-12-11 N/A
The vulnerability is dependency-based.
CVE-2025-66581 1 Frappe 3 Frappe, Frappe Lms, Learning 2025-12-11 6.5 Medium
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints relied on client-side or UI-level checks instead of enforcing permissions on the server, users with low-privileged roles (such as students) could perform operations intended only for instructors or administrators via directly using the API's. This vulnerability is fixed in 2.41.0.
CVE-2025-14225 2 D-link, Dlink 3 Dcs-930l, Dcs-930l, Dcs-930l Firmware 2025-12-11 6.3 Medium
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-14245 1 Ideacms 1 Ideacms 2025-12-11 7.3 High
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-65797 1 Usememos 1 Memos 2025-12-11 6.5 Medium
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
CVE-2025-65804 1 Tenda 2 Ax3, Ax3 Firmware 2025-12-11 6.5 Medium
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).