Export limit exceeded: 23264 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64497 | 1 Enalean | 1 Tuleap | 2025-12-10 | 6.5 Medium |
| Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition. | ||||
| CVE-2025-64498 | 1 Enalean | 1 Tuleap | 2025-12-10 | 4.6 Medium |
| Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10. | ||||
| CVE-2025-64499 | 1 Enalean | 1 Tuleap | 2025-12-10 | 4.6 Medium |
| Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10. | ||||
| CVE-2025-13432 | 1 Hashicorp | 2 Terraform, Terraform Enterprise | 2025-12-10 | 4.3 Medium |
| Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3. | ||||
| CVE-2025-64760 | 1 Enalean | 1 Tuleap | 2025-12-10 | 4.6 Medium |
| Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8. | ||||
| CVE-2025-61138 | 1 Qlik | 1 Qlik Sense | 2025-12-10 | 7.5 High |
| Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. | ||||
| CVE-2024-0353 | 1 Eset | 11 Endpoint Antivirus, Endpoint Security, File Security and 8 more | 2025-12-10 | 7.8 High |
| Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | ||||
| CVE-2025-26519 | 1 Musl-libc | 1 Musl | 2025-12-10 | 8.1 High |
| musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. | ||||
| CVE-2025-64650 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-12-10 | 6.5 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. | ||||
| CVE-2025-36140 | 1 Ibm | 1 Watsonx.data | 2025-12-10 | 6.5 Medium |
| IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | ||||
| CVE-2025-34299 | 1 Monstaftp | 1 Monsta Ftp | 2025-12-10 | 9.8 Critical |
| Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server. | ||||
| CVE-2025-54293 | 2 Canonical, Linux | 3 Lxd, Linux, Linux Kernel | 2025-12-10 | 6.5 Medium |
| Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links. | ||||
| CVE-2025-54292 | 1 Canonical | 1 Lxd | 2025-12-10 | 4.6 Medium |
| Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths. | ||||
| CVE-2024-6472 | 3 Libreoffice, Redhat, The Document Foundation | 7 Libreoffice, Enterprise Linux, Rhel Aus and 4 more | 2025-12-10 | 7.8 High |
| Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. | ||||
| CVE-2025-0514 | 2 Libreoffice, The Document Foundation | 2 Libreoffice, Libreoffice | 2025-12-10 | 7.8 High |
| Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5. | ||||
| CVE-2021-25635 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2025-12-10 | 5.5 Medium |
| An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1. | ||||
| CVE-2024-3044 | 4 Debian, Fedoraproject, Libreoffice and 1 more | 4 Debian Linux, Fedora, Libreoffice and 1 more | 2025-12-10 | 6.5 Medium |
| Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. | ||||
| CVE-2019-11359 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | ||||
| CVE-2019-11428 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | ||||
| CVE-2019-11449 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | ||||