Search

Search Results (366571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-43960 1 Adminer 1 Adminer 2025-09-12 8.6 High
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
CVE-2023-3712 1 Honeywell 2 Pm43, Pm43 Firmware 2025-09-12 6.6 Medium
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
CVE-2023-3711 1 Honeywell 2 Pm43, Pm43 Firmware 2025-09-12 6.4 Medium
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
CVE-2023-3710 1 Honeywell 13 Pc23 43, Pd43, Pm23 43 and 10 more 2025-09-12 9.9 Critical
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
CVE-2025-9406 2 Mossle, Xuhuisheng 2 Lemon, Lemon 2025-09-12 6.3 Medium
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-9403 1 Jqlang 1 Jq 2025-09-12 3.3 Low
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.
CVE-2017-1000190 2 Apache, Simplexml Project 2 Solr, Simplexml 2025-09-12 9.1 Critical
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
CVE-2025-9396 2 Ckolivas, Long Range Zip Project 2 Lrzip, Long Range Zip 2025-09-12 3.3 Low
A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
CVE-2025-9394 1 Podofo Project 1 Podofo 2025-09-12 5.3 Medium
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.
CVE-2022-24614 2 Metadata-extractor Project, Redhat 2 Metadata-extractor, Jboss Fuse 2025-09-12 5.5 Medium
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
CVE-2019-11272 3 Debian, Redhat, Vmware 3 Debian Linux, Jboss Fuse, Spring Security 2025-09-12 7.3 High
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
CVE-2019-5312 1 Wxjava Project 1 Wxjava 2025-09-12 9.8 Critical
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.
CVE-2023-42276 1 Hutool 1 Hutool 2025-09-12 9.8 Critical
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
CVE-2025-50674 1 Openmediavault 1 Openmediavault 2025-09-12 7.8 High
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.
CVE-2023-51080 1 Hutool 1 Hutool 2025-09-12 7.5 High
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
CVE-2025-51605 1 Shopizer 1 Shopizer 2025-09-12 8.1 High
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
CVE-2024-53496 2 Winterchen, Winterchens 2 My-site, My-site 2025-09-12 9.8 Critical
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
CVE-2025-52085 1 Yoosee 1 Yoosee 2025-09-12 8.8 High
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner and version, current database user and schema, the current DBMS user privileges, and arbitrary data from any table.
CVE-2025-52287 1 Elite Project 1 Elite 2025-09-12 8.8 High
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.
CVE-2025-55581 2 D-link, Dlink 3 Dcs-825l, Dcs-825l, Dcs-825l Firmware 2025-09-12 7.3 High
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic.