Export limit exceeded: 14587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9486 2 Kubernetes, Kubernetes-sigs 2 Image Builder, Image Builder 2025-12-08 9.8 Critical
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.
CVE-2024-9594 2 Kubernetes, Kubernetes-sigs 2 Image Builder, Image Builder 2025-12-08 6.3 Medium
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.
CVE-2024-11991 1 Dfinity 1 Motoko 2025-12-08 5.6 Medium
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.
CVE-2025-29478 1 Treasuredata 1 Fluent Bit 2025-12-08 5.5 Medium
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
CVE-2022-27595 1 Qnap 1 Qvpn 2025-12-08 7.8 High
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later
CVE-2025-29477 1 Treasuredata 1 Fluent Bit 2025-12-08 5.5 Medium
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
CVE-2022-27600 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-12-08 6.8 Medium
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
CVE-2024-12425 3 Debian, Libreoffice, The Document Foundation 3 Debian Linux, Libreoffice, Libreoffice 2025-12-08 3.3 Low
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
CVE-2024-12426 3 Debian, Libreoffice, The Document Foundation 3 Debian Linux, Libreoffice, Libreoffice 2025-12-08 6.5 Medium
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.
CVE-2025-2291 2 Debian, Pgbouncer 2 Debian Linux, Pgbouncer 2025-12-08 8.1 High
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
CVE-2024-50395 1 Qnap 1 Media Streaming Add-on 2025-12-08 8.8 High
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
CVE-2025-11578 1 Github 1 Enterprise Server 2025-12-08 7.2 High
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker could replace system binaries during hook cleanup and execute a payload that adds their own SSH key to the root user’s authorized keys—thereby granting themselves root SSH access to the server. To exploit this vulnerability, the attacker needed to have enterprise admin privileges. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.19, and was fixed in versions 3.14.20, 3.15.15, 3.16.11, 3.17.8, 3.18.2. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2025-11892 1 Github 1 Enterprise Server 2025-12-08 9.6 Critical
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have access to the target GitHub Enterprise Server instance and to entice a user, while operating in sudo mode, to click on a crafted malicious link to perform actions that require elevated privileges. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, 3.14.19.
CVE-2024-50387 1 Qnap 1 Smb Service 2025-12-08 9.8 Critical
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later
CVE-2025-5317 2 Apple, Bitdefender 3 Macos, Endpoint Security, Endpoint Security Tools 2025-12-08 5.5 Medium
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
CVE-2025-13032 3 Avast, Avg, Microsoft 3 Antivirus, Antivirus, Windows 2025-12-08 9.9 Critical
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.
CVE-2025-33202 3 Linux, Microsoft, Nvidia 4 Linux, Linux Kernel, Windows and 1 more 2025-12-08 6.5 Medium
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.
CVE-2025-27918 1 Anydesk 1 Anydesk 2025-12-08 9.8 Critical
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients.
CVE-2025-27917 1 Anydesk 1 Anydesk 2025-12-08 7.5 High
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference.
CVE-2025-27916 1 Anydesk 1 Anydesk 2025-12-08 7.5 High
An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.