Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-13432 1 Hashicorp 2 Terraform, Terraform Enterprise 2025-12-10 4.3 Medium
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3.
CVE-2025-64760 1 Enalean 1 Tuleap 2025-12-10 4.6 Medium
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
CVE-2025-61138 1 Qlik 1 Qlik Sense 2025-12-10 7.5 High
Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.
CVE-2024-0353 1 Eset 11 Endpoint Antivirus, Endpoint Security, File Security and 8 more 2025-12-10 7.8 High
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVE-2025-26519 1 Musl-libc 1 Musl 2025-12-10 8.1 High
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
CVE-2025-64650 1 Ibm 1 Storage Defender Resiliency Service 2025-12-10 6.5 Medium
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
CVE-2025-36140 1 Ibm 1 Watsonx.data 2025-12-10 6.5 Medium
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
CVE-2025-34299 1 Monstaftp 1 Monsta Ftp 2025-12-10 9.8 Critical
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
CVE-2025-54293 2 Canonical, Linux 3 Lxd, Linux, Linux Kernel 2025-12-10 6.5 Medium
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
CVE-2025-54292 1 Canonical 1 Lxd 2025-12-10 4.6 Medium
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
CVE-2024-6472 3 Libreoffice, Redhat, The Document Foundation 7 Libreoffice, Enterprise Linux, Rhel Aus and 4 more 2025-12-10 7.8 High
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.
CVE-2025-0514 2 Libreoffice, The Document Foundation 2 Libreoffice, Libreoffice 2025-12-10 7.8 High
Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.
CVE-2021-25635 2 Libreoffice, Redhat 2 Libreoffice, Enterprise Linux 2025-12-10 5.5 Medium
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
CVE-2024-3044 4 Debian, Fedoraproject, Libreoffice and 1 more 4 Debian Linux, Fedora, Libreoffice and 1 more 2025-12-10 6.5 Medium
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
CVE-2019-11359 1 Scilico 1 I\, Librarian 2025-12-10 N/A
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
CVE-2019-11428 1 Scilico 1 I\, Librarian 2025-12-10 N/A
I, Librarian 4.10 has XSS via the export.php export_files parameter.
CVE-2019-11449 1 Scilico 1 I\, Librarian 2025-12-10 N/A
I, Librarian 4.10 has XSS via the notes.php notes parameter.
CVE-2025-1080 3 Debian, Libreoffice, Redhat 8 Debian Linux, Libreoffice, Enterprise Linux and 5 more 2025-12-10 7.8 High
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
CVE-2025-36102 1 Ibm 2 Cognos Controller, Controller 2025-12-10 2.7 Low
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.
CVE-2025-33111 1 Ibm 2 Cognos Controller, Controller 2025-12-10 4.3 Medium
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.