Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-46328 1 Snowflake 1 Snowflake Connector 2025-05-09 3.3 Low
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 2.0.4.
CVE-2025-46329 1 Snowflake 1 Connector For C\/c\+\+ 2025-05-09 3.3 Low
libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.
CVE-2025-46330 1 Snowflake 1 Connector For C\/c\+\+ 2025-05-09 3.3 Low
libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.
CVE-2025-46338 1 Audiobookshelf 1 Audiobookshelf 2025-05-09 6.1 Medium
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server’s error message, enabling arbitrary JavaScript execution in a victim's browser. This issue has been patched in version 2.21.0.
CVE-2025-46343 1 N8n 1 N8n 2025-05-09 5 Medium
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allows the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could send a request to change the user’s email address in their account settings, effectively enabling account takeover. This issue has been patched in version 1.90.0.
CVE-2023-52308 1 Paddlepaddle 1 Paddlepaddle 2025-05-09 4.7 Medium
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2025-4060 1 Anujk305 1 Notice Board System 2025-05-09 7.3 High
A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4061 1 Fabian 1 Clothing Store Management System 2025-05-09 5.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-4062 1 Fabian 1 Theater Seat Booking System 2025-05-09 5.3 Medium
A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-4064 1 Scriptandtools 1 Online Traveling System 2025-05-09 5.3 Medium
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-46584 1 Huawei 1 Harmonyos 2025-05-09 7.8 High
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46585 1 Huawei 1 Harmonyos 2025-05-09 7.5 High
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58252 1 Huawei 1 Harmonyos 2025-05-09 6.2 Medium
Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46587 1 Huawei 1 Harmonyos 2025-05-09 6.2 Medium
Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46590 1 Huawei 1 Harmonyos 2025-05-09 6.3 Medium
Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.
CVE-2025-46592 1 Huawei 1 Harmonyos 2025-05-09 4.4 Medium
Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-3741 1 Chatwoot 1 Chatwoot 2025-05-09 9.8 Critical
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.
CVE-2022-0074 1 Litespeedtech 1 Openlitespeed 2025-05-09 8.8 High
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVE-2022-0072 1 Litespeedtech 1 Openlitespeed 2025-05-09 5.8 Medium
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVE-2024-45563 1 Qualcomm 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more 2025-05-09 6.6 Medium
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.