Export limit exceeded: 364869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59790 1 Apache 1 Kvrocks 2025-12-04 5.4 Medium
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-66424 1 Tryton 1 Trytond 2025-12-04 6.5 Medium
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2025-65186 1 Getgrav 2 Grav, Grav Cms 2025-12-04 6.1 Medium
Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.
CVE-2025-65358 2 Hashenudara, Hshnudr 2 Edoc-doctor-appointment-system, Doctors Appointment System 2025-12-04 9.8 Critical
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.
CVE-2025-20753 1 Mediatek 43 Modem, Mt2735, Mt2737 and 40 more 2025-12-04 5.3 Medium
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689252; Issue ID: MSV-4841.
CVE-2025-62728 1 Apache 1 Hive 2025-12-04 5.4 Medium
SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is accessible to only a handful of applications (e.g., Hiveserver2) thus the vulnerability is not exploitable. Moreover, the vulnerable code cannot be reached when metastore.try.direct.sql property is set to false. This issue affects Apache Hive: from 4.1.0 before 4.2.0. Users are recommended to upgrade to version 4.2.0, which fixes the issue. Users who cannot upgrade directly are encouraged to set metastore.try.direct.sql property to false if the HMS Thrift APIs are exposed to general public.
CVE-2025-13787 2 Easycorp, Zentao 2 Zentao, Zentao 2025-12-04 5.4 Medium
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component.
CVE-2025-13788 1 Chanjet 2 Chanjet Cms, Chanjet Crm 2025-12-04 7.3 High
A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-13789 2 Easycorp, Zentao 2 Zentao, Zentao 2025-12-04 6.3 Medium
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.
CVE-2025-62189 4 Linux, Logstare, Microsoft and 1 more 5 Linux, Linux Kernel, Collector and 2 more 2025-12-04 N/A
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request.
CVE-2025-14024 2025-12-04 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2017-13035 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
CVE-2017-13034 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVE-2017-13031 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().
CVE-2017-13028 3 Debian, Redhat, Tcpdump 3 Debian Linux, Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
CVE-2017-13025 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVE-2017-13024 3 Debian, Redhat, Tcpdump 3 Debian Linux, Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVE-2017-13022 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
CVE-2017-13021 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
CVE-2017-13020 3 Debian, Redhat, Tcpdump 3 Debian Linux, Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().