Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366372 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55574 1 Docmost 1 Docmost 2025-09-15 6.1 Medium
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code
CVE-2025-29901 1 Qnap 1 File Station 2025-09-15 6.5 Medium
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
CVE-2025-55526 2 Microsoft, N8n 5 Windows 11, Fastapi, N8n and 2 more 2025-09-15 9.1 Critical
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py
CVE-2024-32213 2 Logint, Lomag 2 Lomag Warehouse Management, Warehouse Management 2025-09-15 5.3 Medium
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.
CVE-2024-45698 1 Dlink 3 Dir-4860 A1, Dir-x4860, Dir-x4860 Firmware 2025-09-15 9.8 Critical
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
CVE-2024-33078 1 Tencent 1 Libpag 2025-09-15 9.8 Critical
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution.
CVE-2024-33428 1 Stsaz 1 Phiola 2025-09-15 8.8 High
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
CVE-2025-53640 1 Cern 1 Indico 2025-09-15 6.5 Medium
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk. Version 3.3.7 fixes the issue. Owners of instances that allow everyone to create a user account, who wish to truly restrict access to these user details, should consider restricting user search to managers. As a workaround, it is possible to restrict access to the affected endpoints (e.g. in the webserver config), but doing so would break certain form fields which could no longer show the details of the users listed in those fields, so upgrading instead is highly recommended.
CVE-2025-7883 1 Eluktronics 1 Control Center 2025-09-15 7.8 High
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to command injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7884 1 Eluktronics 1 Control Center 2025-09-15 3.3 Low
A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7885 1 Huashengdun 1 Webssh 2025-09-15 4.3 Medium
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7887 1 Wikidocs 1 Wikidocs 2025-09-15 4.3 Medium
A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument path leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7889 1 Callapp 1 Callapp 2025-09-15 5.3 Medium
A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-55213 1 Dhtmlx 1 File Explorer 2025-09-15 6.5 Medium
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
CVE-2024-55214 1 Dhtmlx 1 File Explorer 2025-09-15 6.5 Medium
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
CVE-2025-22994 1 Zoneland 1 O2oa 2025-09-15 6.1 Medium
O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - Settings.
CVE-2024-36626 1 Prestashop 1 Prestashop 2025-09-15 5.3 Medium
In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
CVE-2025-55777 2025-09-15 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2024-21320 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-09-15 6.5 Medium
Windows Themes Spoofing Vulnerability
CVE-2025-57064 1 Tenda 2 G3, G3 Firmware 2025-09-15 7.5 High
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.