Export limit exceeded: 364197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23206 1 Amazon 1 Aws Cloud Development Kit 2026-01-23 8.1 High
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability.
CVE-2025-37168 3 Arubanetworks, Hp, Hpe 3 Arubaos, Arubaos, Arubaos 2026-01-23 8.2 High
Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.
CVE-2025-70968 1 Freeimage Project 1 Freeimage 2026-01-23 9.8 Critical
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVE-2025-63644 2 Ph7builder, Ph7software 2 Ph7 Social Dating Builder, Ph7-social-dating-cms 2026-01-23 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
CVE-2025-14556 2 Drupal, Flag Module Project 2 Flag, Flag 2026-01-23 5.4 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
CVE-2025-14557 2 Drupal, Facebook Pixel Project 2 Facebook Pixel, Facebook Pixel 2026-01-23 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.
CVE-2021-24713 1 Cminds 2 Video Lessons Manager, Video Lessons Manager Pro 2026-01-23 4.8 Medium
The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks
CVE-2023-28749 1 Cminds 1 Cm Search And Replace 2026-01-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2026-24342 2026-01-23 N/A
Not used
CVE-2026-24341 2026-01-23 N/A
Not used
CVE-2026-24340 2026-01-23 N/A
Not used
CVE-2026-24339 2026-01-23 N/A
Not used
CVE-2026-24338 2026-01-23 N/A
Not used
CVE-2026-24337 2026-01-23 N/A
Not used
CVE-2026-24336 2026-01-23 N/A
Not used
CVE-2026-24335 2026-01-23 N/A
Not used
CVE-2026-24334 2026-01-23 N/A
Not used
CVE-2022-41342 1 Intel 1 C\+\+ Compiler 2026-01-23 6 Medium
Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-31228 1 Cminds 1 Cm Search And Replace 2026-01-23 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
CVE-2025-54834 1 Opexustech 1 Foiaxpress Public Access Link 2026-01-23 5.3 Medium
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.