Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65958 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-12-10 | 8.5 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37. | ||||
| CVE-2025-66552 | 1 Nextcloud | 4 Nextcloud, Nextcloud Enterprise Server, Nextcloud Server and 1 more | 2025-12-10 | 4.3 Medium |
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1. | ||||
| CVE-2020-36881 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2025-12-10 | 7.8 High |
| Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field. | ||||
| CVE-2020-36882 | 2 Flexense, Flexsense | 2 Diskboss, Diskboss | 2025-12-10 | 7.5 High |
| Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application. | ||||
| CVE-2025-66570 | 1 Yhirose | 1 Cpp-httplib | 2025-12-10 | 10 Critical |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0. | ||||
| CVE-2025-66550 | 1 Nextcloud | 1 Calendar | 2025-12-10 | 5.7 Medium |
| Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4. | ||||
| CVE-2022-36127 | 1 Apache | 1 Skywalking Nodejs Agent | 2025-12-10 | 7.5 High |
| A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. | ||||
| CVE-2021-47147 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 6.2 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function. | ||||
| CVE-2025-67613 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67612 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67611 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67610 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67609 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67608 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67607 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67606 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67605 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67503 | 2025-12-10 | N/A | ||
| This CVE is a duplicate of another CVE. | ||||
| CVE-2024-30105 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38095 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||