Search

Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53752 2025-07-10 N/A
Not used
CVE-2025-53751 2025-07-10 N/A
Not used
CVE-2025-53750 2025-07-10 N/A
Not used
CVE-2025-53749 2025-07-10 N/A
Not used
CVE-2025-53748 2025-07-10 N/A
Not used
CVE-2025-53747 2025-07-10 N/A
Not used
CVE-2025-53746 2025-07-10 N/A
Not used
CVE-2025-52900 1 Filebrowser 1 Filebrowser 2025-07-10 5.5 Medium
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.
CVE-2025-52902 1 Filebrowser 1 Filebrowser 2025-07-10 7.6 High
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.
CVE-2025-6701 1 Xuxueli 1 Xxl-sso 2025-07-10 3.5 Low
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6702 1 Linlinjava 1 Litemall 2025-07-10 4.3 Medium
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-52928 2 Microsoft, Thebrowser 2 Windows, Arc 2025-07-10 9.6 Critical
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-6843 1 Fabian 1 Simple Photo Gallery 2025-07-10 7.3 High
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6280 1 Superagi 1 Superagi 2025-07-09 5.5 Medium
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
CVE-2025-0646 2025-07-09 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-10391 2025-07-09 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-3025 1 Mintplexlabs 1 Anythingllm 2025-07-09 N/A
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
CVE-2024-3101 1 Mintplexlabs 1 Anythingllm 2025-07-09 7.2 High
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.
CVE-2024-3283 1 Mintplexlabs 1 Anythingllm 2025-07-09 N/A
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation.
CVE-2024-3569 1 Mintplexlabs 1 Anythingllm 2025-07-09 N/A
A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.