Export limit exceeded: 364243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364243 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3967 1 Itwanger 1 Paicoding 2025-05-12 5.4 Medium
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3970 1 Jsite 1 Jsite 2025-05-12 3.5 Low
A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3975 1 Scriptandtools 1 Ecommerce-website-in-php 2025-05-12 5.3 Medium
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-46657 1 Karaz 1 Karazal 2025-05-12 7.2 High
Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.
CVE-2025-3977 1 Iteachyou 1 Dreamer Cms 2025-05-12 4.3 Medium
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3978 1 Lecms 1 Lecms 2025-05-12 4.3 Medium
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3979 1 Lecms 1 Lecms 2025-05-12 4.3 Medium
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3980 1 Wowjoy 1 Internet Doctor Workstation System 2025-05-12 4.3 Medium
A vulnerability classified as problematic was found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3981 1 Wowjoy 1 Internet Doctor Workstation System 2025-05-12 4.3 Medium
A vulnerability, which was classified as problematic, has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3982 1 Nortikin 1 Sverchok 2025-05-12 4.3 Medium
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-3552 1 Boxbilling 1 Boxbilling 2025-05-12 7.2 High
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
CVE-2022-34390 1 Dell 4 Alienware Area-51 R4, Alienware Area-51 R4 Firmware, Alienware Area-51 R5 and 1 more 2025-05-12 7.5 High
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2020-8975 1 Zigor 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware 2025-05-12 7.5 High
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.
CVE-2025-20665 2 Google, Mediatek 53 Android, Mt6580, Mt6761 and 50 more 2025-05-12 5.5 Medium
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.
CVE-2022-42117 1 Liferay 2 Dxp, Liferay Portal 2025-05-12 6.1 Medium
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.
CVE-2019-17359 4 Apache, Bouncycastle, Netapp and 1 more 21 Tomee, Bc-java, Active Iq Unified Manager and 18 more 2025-05-12 7.5 High
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
CVE-2018-1000180 5 Bouncycastle, Debian, Netapp and 2 more 24 Bc-java, Fips Java Api, Debian Linux and 21 more 2025-05-12 N/A
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
CVE-2016-1000352 2 Bouncycastle, Redhat 4 Bc-java, Jboss Fuse, Satellite and 1 more 2025-05-12 N/A
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
CVE-2016-1000346 3 Bouncycastle, Debian, Redhat 5 Bc-java, Debian Linux, Jboss Fuse and 2 more 2025-05-12 N/A
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
CVE-2016-1000340 2 Bouncycastle, Redhat 4 Bc-java, Jboss Fuse, Satellite and 1 more 2025-05-12 N/A
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.