Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66253 | 1 Dbbroadcast | 45 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 42 more | 2025-12-03 | 9.8 Critical |
| Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root). | ||||
| CVE-2025-66289 | 1 Orangehrm | 1 Orangehrm | 2025-12-03 | 8.8 High |
| OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8. | ||||
| CVE-2025-66252 | 1 Dbbroadcast | 45 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 42 more | 2025-12-03 | 7.5 High |
| Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop. | ||||
| CVE-2025-66251 | 1 Dbbroadcast | 45 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 42 more | 2025-12-03 | 9.1 Critical |
| Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files. | ||||
| CVE-2025-66250 | 1 Dbbroadcast | 45 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 42 more | 2025-12-03 | 9.8 Critical |
| Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php. | ||||
| CVE-2025-66290 | 1 Orangehrm | 1 Orangehrm | 2025-12-03 | 4.3 Medium |
| OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8. | ||||
| CVE-2025-21621 | 1 Geoserver | 1 Geoserver | 2025-12-03 | 6.1 Medium |
| GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. This issue has been patched in version 2.25.0. | ||||
| CVE-2025-61598 | 1 Discourse | 1 Discourse | 2025-12-03 | 5.3 Medium |
| Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2. | ||||
| CVE-2025-66291 | 1 Orangehrm | 1 Orangehrm | 2025-12-03 | 4.3 Medium |
| OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8. | ||||
| CVE-2020-8597 | 5 Canonical, Debian, Point-to-point Protocol Project and 2 more | 8 Ubuntu Linux, Debian Linux, Point-to-point Protocol and 5 more | 2025-12-03 | 9.8 Critical |
| eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | ||||
| CVE-2020-7595 | 8 Canonical, Debian, Fedoraproject and 5 more | 35 Ubuntu Linux, Debian Linux, Fedora and 32 more | 2025-12-03 | 7.5 High |
| xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | ||||
| CVE-2020-36421 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2025-12-03 | 5.3 Medium |
| An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. | ||||
| CVE-2025-64344 | 1 Oisf | 1 Suricata | 2025-12-03 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size. | ||||
| CVE-2025-66303 | 1 Getgrav | 1 Grav | 2025-12-03 | 4.9 Medium |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduled_at parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduled_at parameter with a malicious input, such as a single quote, the application admin panel becomes non-functional, causing significant disruptions to administrative operations. The only way to recover from this issue is to manually access the host server and modify the backup.yaml file to correct the corrupted cron expression. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66302 | 1 Getgrav | 1 Grav | 2025-12-03 | 6.8 Medium |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66297 | 1 Getgrav | 1 Grav | 2025-12-03 | 8.8 High |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66298 | 1 Getgrav | 1 Grav | 2025-12-03 | 7.5 High |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66301 | 1 Getgrav | 1 Grav | 2025-12-03 | 9.6 Critical |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66300 | 1 Getgrav | 1 Grav | 2025-12-03 | 8.5 High |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. This vulnerability is fixed in 1.8.0-beta.27. | ||||
| CVE-2025-66299 | 1 Getgrav | 1 Grav | 2025-12-03 | 8.8 High |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27. | ||||