Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63721 | 1 Hummerrisk | 1 Hummerrisk | 2025-12-11 | 9.8 Critical |
| HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server. | ||||
| CVE-2025-59390 | 1 Apache | 1 Druid | 2025-12-11 | 9.8 Critical |
| Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a crypto-graphically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to a incorrectly configured clusters. Users are advised to configure a strong `druid.auth.authenticator.kerberos.cookieSignatureSecret` This issue affects Apache Druid: through 34.0.0. Users are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the Kerberos authenticator. Services will fail to come up if the secret is not set. | ||||
| CVE-2021-4156 | 3 Debian, Libsndfile Project, Redhat | 3 Debian Linux, Libsndfile, Enterprise Linux | 2025-12-11 | 7.1 High |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | ||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2025-12-11 | 4.7 Medium |
| A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-67694 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67693 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67692 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67691 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67690 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67689 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67688 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67687 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67686 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67514 | 2025-12-11 | N/A | ||
| Vulnerability is dependency-based. | ||||
| CVE-2025-67512 | 2025-12-11 | N/A | ||
| The vulnerability is dependency-based. | ||||
| CVE-2025-66581 | 1 Frappe | 3 Frappe, Frappe Lms, Learning | 2025-12-11 | 6.5 Medium |
| Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints relied on client-side or UI-level checks instead of enforcing permissions on the server, users with low-privileged roles (such as students) could perform operations intended only for instructors or administrators via directly using the API's. This vulnerability is fixed in 2.41.0. | ||||
| CVE-2025-14225 | 2 D-link, Dlink | 3 Dcs-930l, Dcs-930l, Dcs-930l Firmware | 2025-12-11 | 6.3 Medium |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-14245 | 1 Ideacms | 1 Ideacms | 2025-12-11 | 7.3 High |
| A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-65797 | 1 Usememos | 1 Memos | 2025-12-11 | 6.5 Medium |
| Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS). | ||||
| CVE-2025-65804 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-12-11 | 6.5 Medium |
| Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). | ||||