Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-13481 2 Ibm, Linux 2 Aspera Orchestrator, Linux Kernel 2025-12-15 8.8 High
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
CVE-2025-23260 1 Nvidia 1 Aistore 2025-12-15 5 Medium
NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-55816 2 Digitaldruid, Hoteldruid 2 Hoteldruid, Hoteldruid 2025-12-15 6.1 Medium
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
CVE-2025-66429 1 Cpanel 1 Cpanel 2025-12-15 8.8 High
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.
CVE-2024-56464 1 Ibm 1 Qradar Security Information And Event Manager 2025-12-15 2.7 Low
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
CVE-2025-36138 1 Ibm 2 Qradar Security Information And Event Manager, Qradar Suite 2025-12-15 6.4 Medium
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33119 1 Ibm 1 Qradar Security Information And Event Manager 2025-12-15 6.5 Medium
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.
CVE-2025-36170 1 Ibm 2 Qradar Security Information And Event Manager, Qradar Suite 2025-12-15 6.4 Medium
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-43825 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 6.5 Medium
A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows sensitive user data to be included in the Freemarker template. This weakness permits an unauthorized actor to gain access to, and potentially render, confidential information that should remain restricted.
CVE-2025-0164 1 Ibm 1 Qradar Security Information And Event Manager 2025-12-15 2.3 Low
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
CVE-2025-43826 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.
CVE-2025-43827 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 4.3 Medium
Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users to from one virtual instance to view the audit events from a different virtual instance via the _com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditEventId parameter.
CVE-2025-43816 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 7.5 High
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.
CVE-2025-43819 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 6.5 Medium
A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old user session by SLO API
CVE-2025-43779 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user's browser.
CVE-2025-43807 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a publication’s “Name” text field.
CVE-2025-43808 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.3 Medium
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL.
CVE-2025-62244 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 4.3 Medium
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edit page of a publication via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_ctCollectionId parameter.
CVE-2025-43821 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.
CVE-2025-43822 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-15 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via crafted payload injected into a Terms and Condition's Name text field to (1) Payment Terms, or (2) the Delivery Term on the view order page.