Export limit exceeded: 365329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-65794 2025-12-01 N/A
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2025-65793 2025-12-01 N/A
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2025-65495 1 Libcoap 1 Libcoap 2025-12-01 7.5 High
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
CVE-2025-65496 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65497 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65498 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65499 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
CVE-2025-65500 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65501 1 Libcoap 1 Libcoap 2025-12-01 4.3 Medium
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
CVE-2025-60632 1 Free5gc 1 Free5gc 2025-12-01 6.5 Medium
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
CVE-2025-60633 1 Free5gc 1 Free5gc 2025-12-01 6.5 Medium
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVE-2025-63601 1 Snipeitapp 1 Snipe-it 2025-12-01 9.9 Critical
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
CVE-2025-45778 1 Languagesloth 1 The Language Sloth 2025-12-01 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
CVE-2020-13956 5 Apache, Netapp, Oracle and 2 more 27 Httpclient, Active Iq Unified Manager, Snapcenter and 24 more 2025-12-01 5.3 Medium
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2025-60638 1 Free5gc 1 Free5gc 2025-12-01 7.5 High
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
CVE-2025-36112 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-12-01 5.3 Medium
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
CVE-2025-64048 1 Yccms 1 Yccms 2025-12-01 6.1 Medium
YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.
CVE-2025-36150 1 Ibm 1 Concert 2025-12-01 5.9 Medium
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-62497 1 Sony 2 Snc-cx600w, Snc-cx600w Firmware 2025-12-01 6.5 Medium
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
CVE-2025-11794 1 Mattermost 2 Mattermost, Mattermost Server 2025-12-01 4.9 Medium
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint