Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364861 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60319 | 1 Perfree | 1 Perfreeblog | 2025-12-09 | 6.5 Medium |
| PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java). | ||||
| CVE-2025-66323 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 5.3 Medium |
| Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-66324 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 8.4 High |
| Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | ||||
| CVE-2024-3772 | 4 Fedoraproject, Pydantic, Pydantic Project and 1 more | 4 Fedora, Pydantic, Pydantic and 1 more | 2025-12-09 | 5.9 Medium |
| Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. | ||||
| CVE-2025-66326 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 6.7 Medium |
| Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58279 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 4.4 Medium |
| Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-66325 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-09 | 6.2 Medium |
| Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-14246 | 2 Code-projects, Fabian | 2 Simple Shopping Cart, Simple Shopping Cart | 2025-12-09 | 6.3 Medium |
| A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument user_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-14247 | 2 Code-projects, Fabian | 2 Simple Shopping Cart, Simple Shopping Cart | 2025-12-09 | 6.3 Medium |
| A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument item_name can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-14248 | 2 Code-projects, Fabian | 2 Simple Shopping Cart, Simple Shopping Cart | 2025-12-09 | 7.3 High |
| A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-14251 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-12-09 | 7.3 High |
| A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-65796 | 1 Usememos | 1 Memos | 2025-12-09 | 4.3 Medium |
| Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos. | ||||
| CVE-2025-65798 | 1 Usememos | 1 Memos | 2025-12-09 | 5.4 Medium |
| Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users. | ||||
| CVE-2025-66515 | 1 Nextcloud | 1 Approval | 2025-12-09 | 2.7 Low |
| The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0. | ||||
| CVE-2025-65795 | 1 Usememos | 1 Memos | 2025-12-09 | 7.5 High |
| Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request. | ||||
| CVE-2025-65799 | 1 Usememos | 1 Memos | 2025-12-09 | 4.3 Medium |
| A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal. | ||||
| CVE-2025-66553 | 1 Nextcloud | 1 Tables | 2025-12-09 | 4.3 Medium |
| Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4. | ||||
| CVE-2025-66554 | 1 Nextcloud | 1 Contacts | 2025-12-09 | 3.5 Low |
| Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5. | ||||
| CVE-2025-66556 | 1 Nextcloud | 1 Talk | 2025-12-09 | 3.5 Low |
| Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2. | ||||
| CVE-2025-66557 | 1 Nextcloud | 1 Deck | 2025-12-09 | 5.4 Medium |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2. | ||||