Export limit exceeded: 363677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363677 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-42936 1 Ruijie 2 Reyee Os, Rg-ew300n 2025-12-15 9.8 Critical
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
CVE-2025-43741 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScrip in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter
CVE-2025-43753 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.
CVE-2025-14528 1 Dlink 2 Dir-803, Dir-803 Firmware 2025-12-15 5.3 Medium
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-65472 1 Easyimages2.0 Project 1 Easyimages2.0 2025-12-15 8.8 High
A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.
CVE-2025-65473 1 Easyimages2.0 Project 1 Easyimages2.0 2025-12-15 9.1 Critical
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.
CVE-2025-36354 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 7.3 High
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
CVE-2025-36355 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 8.5 High
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
CVE-2025-36356 1 Ibm 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more 2025-12-15 9.3 Critical
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
CVE-2022-4455 1 Php-calendar 1 Php-calendar 2025-12-15 3.5 Low
A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is advisable to implement a patch to correct this issue.
CVE-2025-13148 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2025-12-15 8.1 High
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.
CVE-2025-13211 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2025-12-15 5.3 Medium
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
CVE-2025-13214 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2025-12-15 7.6 High
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2025-13481 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2025-12-15 8.8 High
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2025-23260 1 Nvidia 1 Aistore 2025-12-15 5 Medium
NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-55816 2 Digitaldruid, Hoteldruid 2 Hoteldruid, Hoteldruid 2025-12-15 6.1 Medium
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
CVE-2025-66429 1 Cpanel 1 Cpanel 2025-12-15 8.8 High
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.
CVE-2024-56464 1 Ibm 1 Qradar Security Information And Event Manager 2025-12-15 2.7 Low
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
CVE-2025-36138 1 Ibm 2 Qradar Security Information And Event Manager, Qradar Suite 2025-12-15 6.4 Medium
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33119 1 Ibm 1 Qradar Security Information And Event Manager 2025-12-15 6.5 Medium
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.