Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55763 1 Civetweb Project 1 Civetweb 2025-09-09 7.5 High
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
CVE-2025-0285 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 7.8 High
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.
CVE-2025-47793 1 Nextcloud 2 Group Folders, Nextcloud Server 2025-09-08 4.3 Medium
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.
CVE-2025-47792 1 Nextcloud 1 Desktop 2025-09-08 5 Medium
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.
CVE-2025-23207 2 Katex, Redhat 2 Katex, Openshift Devspaces 2025-09-08 6.3 Medium
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands, forbid inputs containing the substring `"\\htmlData"` and sanitize HTML output from KaTeX.
CVE-2025-49217 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
CVE-2025-49216 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
CVE-2025-49215 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 8.8 High
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49214 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 8.8 High
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49213 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
CVE-2025-49212 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
CVE-2025-49211 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 7.7 High
A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-47866 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 4.3 Medium
An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
CVE-2025-30678 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 6.5 Medium
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30679 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 6.5 Medium
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30680 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 7.5 High
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
CVE-2025-10088 2 Rems, Sourcecodester 2 Personal Time Tracker, Time Tracker 2025-09-08 3.5 Low
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
CVE-2024-32023 1 Bmaltais 1 Kohya Ss 2025-09-08 6.5 Medium
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5.
CVE-2024-32024 1 Bmaltais 1 Kohya Ss 2025-09-08 6.5 Medium
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.
CVE-2024-32025 1 Bmaltais 1 Kohya Ss 2025-09-08 9.1 Critical
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.