Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11428 1 Scilico 1 I\, Librarian 2025-12-10 N/A
I, Librarian 4.10 has XSS via the export.php export_files parameter.
CVE-2019-11449 1 Scilico 1 I\, Librarian 2025-12-10 N/A
I, Librarian 4.10 has XSS via the notes.php notes parameter.
CVE-2025-1080 3 Debian, Libreoffice, Redhat 8 Debian Linux, Libreoffice, Enterprise Linux and 5 more 2025-12-10 7.8 High
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1.
CVE-2025-36102 1 Ibm 2 Cognos Controller, Controller 2025-12-10 2.7 Low
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.
CVE-2025-33111 1 Ibm 2 Cognos Controller, Controller 2025-12-10 4.3 Medium
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.
CVE-2025-36015 1 Ibm 2 Cognos Controller, Controller 2025-12-10 6.5 Medium
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.
CVE-2025-36017 1 Ibm 1 Controller 2025-12-10 6.5 Medium
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.
CVE-2025-14133 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-12-10 8.8 High
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function AP_get_wireless_clientlist_setClientsName of the file mod_form.so. Performing manipulation of the argument clientsname_0 results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14134 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-12-10 8.8 High
A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RE2000v2Repeater_get_wireless_clientlist_setClientsName of the file mod_form.so. Executing manipulation of the argument clientsname_0 can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14135 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-12-10 8.8 High
A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14136 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-12-10 8.8 High
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-12917 2 Gztozed, Tozed 3 Zlt T10 Plus, Zlt T10 Plus Firmware, Zlt T10 2025-12-10 4.3 Medium
A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-46636 1 Dell 1 Encryption 2025-12-10 6.6 Medium
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
CVE-2025-64894 3 Adobe, Apple, Microsoft 3 Dng Software Development Kit, Macos, Windows 2025-12-10 5.5 Medium
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-64784 3 Adobe, Apple, Microsoft 3 Dng Software Development Kit, Macos, Windows 2025-12-10 7.1 High
DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-64783 3 Adobe, Apple, Microsoft 3 Dng Software Development Kit, Macos, Windows 2025-12-10 7.8 High
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-64893 3 Adobe, Apple, Microsoft 3 Dng Software Development Kit, Macos, Windows 2025-12-10 7.1 High
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-14203 2 Carmelo, Code-projects 2 Question Paper Generator, Question Paper Generator 2025-12-10 6.3 Medium
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2025-12120 2 Lite-xl, Lite Xl 2 Lite Xl, Lite Xl 2025-12-10 7.3 High
Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.
CVE-2025-14205 2 Code-projects, Fabian 2 Chamber Of Commerce Membership Management System, Chamber Of Commerce Membership Management System 2025-12-10 2.4 Low
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.