Export limit exceeded: 363307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363307 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31211 1 Wordpress 1 Wordpress 2026-01-02 5.5 Medium
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
CVE-2025-66589 1 Azeotech 1 Daqfactory 2026-01-02 9.1 Critical
In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a system crash.
CVE-2025-66906 2 Turms, Turms-im 2 Admin Api, Turms 2026-01-02 6.1 Medium
Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.
CVE-2025-66908 2 Turms, Turms-im 2 Ai Serving, Turms 2026-01-02 5.3 Medium
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormData(contentType = MediaTypeConst.IMAGE) annotation to restrict uploads to image files, but this constraint is not properly enforced. The system relies solely on client-provided Content-Type headers and file extensions without validating actual file content using magic bytes (file signatures). An attacker can upload arbitrary file types including executables, scripts, HTML, or web shells by setting the Content-Type header to "image/*" or using an image file extension. This bypass enables potential server-side code execution, stored XSS, or information disclosure depending on how uploaded files are processed and served.
CVE-2025-66909 2 Turms, Turms-im 2 Ai Serving, Turms 2026-01-02 7.5 High
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
CVE-2025-66910 2 Turms, Turms-im 2 Turms Server, Turms 2026-01-02 6 Medium
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
CVE-2025-66911 2 Turms, Turms-im 2 Im-server, Turms 2026-01-02 6.5 Medium
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
CVE-2025-66953 1 Nardamiteq 2 Upc2, Upc2 Firmware 2026-01-02 8.8 High
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints
CVE-2025-67073 1 Tenda 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more 2026-01-02 9.8 Critical
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
CVE-2025-67074 1 Tenda 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more 2026-01-02 6.5 Medium
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
CVE-2025-68935 1 Onlyoffice 1 Document Server 2026-01-02 6.4 Medium
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVE-2025-68936 1 Onlyoffice 1 Document Server 2026-01-02 6.4 Medium
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVE-2025-68938 1 Gitea 1 Gitea 2026-01-02 4.3 Medium
Gitea before 1.25.2 mishandles authorization for deletion of releases.
CVE-2025-68939 1 Gitea 1 Gitea 2026-01-02 8.2 High
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
CVE-2025-68940 1 Gitea 1 Gitea 2026-01-02 3.1 Low
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
CVE-2025-68941 1 Gitea 1 Gitea 2026-01-02 4.9 Medium
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
CVE-2025-68942 1 Gitea 1 Gitea 2026-01-02 5.4 Medium
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
CVE-2023-1454 1 Jeecg 1 Jeecg Boot 2026-01-02 6.3 Medium
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
CVE-2023-47467 1 Jeecg 1 Jeecg Boot 2026-01-02 6.5 Medium
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
CVE-2025-68948 2 B3log, Siyuan 2 Siyuan, Siyuan 2026-01-02 8.1 High
SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is stored within the session cookie, an attacker who intercepts or obtains a user's encrypted session cookie (e.g., via session hijacking) can locally decrypt it using the public key. Once decrypted, the attacker can retrieve the AccessAuthCode in plain text and use it to authenticate or take over the session.