Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9624 2 Amazon, Opensearch 2 Opensearch, Opensearch 2025-12-15 7.5 High
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
CVE-2025-65094 1 Wbce 1 Wbce Cms 2025-12-15 8.8 High
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
CVE-2025-59693 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 9.8 Critical
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
CVE-2025-59694 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 6.8 Medium
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
CVE-2025-59695 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 9.8 Critical
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
CVE-2023-36690 1 Vibethemes 1 Wordpress Learning Management System 2025-12-15 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
CVE-2025-67907 2025-12-15 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67906. Reason: This candidate is a reservation duplicate of CVE-2025-67906. Notes: All CVE users should reference CVE-2025-67906 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-13832 2025-12-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-67871 2025-12-13 N/A
Not used
CVE-2025-67870 2025-12-13 N/A
Not used
CVE-2025-67869 2025-12-13 N/A
Not used
CVE-2025-67868 2025-12-13 N/A
Not used
CVE-2025-67867 2025-12-13 N/A
Not used
CVE-2025-67866 2025-12-13 N/A
Not used
CVE-2025-67865 2025-12-13 N/A
Not used
CVE-2025-67864 2025-12-13 N/A
Not used
CVE-2025-67863 2025-12-13 N/A
Not used
CVE-2025-14066 2025-12-12 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-43830 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-12 6.1 Medium
Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form with a rich text type field.
CVE-2025-62246 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-12 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a user’s first, middle or last name text field to (1) page comments widget, (2) blog entry comments, (3) document and media document comments, (4) message board messages, (5) wiki page comments or (6) other widgets/apps that supports mentions.