Export limit exceeded: 366291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-50387 1 Qnap 1 Smb Service 2025-12-08 9.8 Critical
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later
CVE-2025-5317 2 Apple, Bitdefender 3 Macos, Endpoint Security, Endpoint Security Tools 2025-12-08 5.5 Medium
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
CVE-2025-13032 3 Avast, Avg, Microsoft 3 Antivirus, Antivirus, Windows 2025-12-08 9.9 Critical
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.
CVE-2025-33202 3 Linux, Microsoft, Nvidia 4 Linux, Linux Kernel, Windows and 1 more 2025-12-08 6.5 Medium
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.
CVE-2025-27918 1 Anydesk 1 Anydesk 2025-12-08 9.8 Critical
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients.
CVE-2025-27917 1 Anydesk 1 Anydesk 2025-12-08 7.5 High
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference.
CVE-2025-27916 1 Anydesk 1 Anydesk 2025-12-08 7.5 High
An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.
CVE-2023-38890 1 Phpgurukul 1 Online Shopping Portal 2025-12-08 8.8 High
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
CVE-2021-29510 2 Fedoraproject, Pydantic 2 Fedora, Pydantic 2025-12-08 3.3 Low
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.
CVE-2025-59595 1 Absolute 1 Secure Access 2025-12-08 7.5 High
CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server in a non-default configuration and cause the server to crash.
CVE-2025-62893 2 Mediavine, Wordpress 2 Create, Wordpress 2025-12-08 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-61229 2 Shirt-pocket, Shirt Pocket 2 Superduper\!, Superduper 2025-12-08 8.4 High
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
CVE-2025-14271 2025-12-08 N/A
This CVE ID has been withdrawn by its CVE Numbering Authority.
CVE-2024-52702 1 Mybb 1 Mybb 2025-12-08 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set by an administrator, who may use JavaScript if they wish.
CVE-2025-63307 1 Alexusmai 2 Laravel-file-manager, Laravel File Manager 2025-12-08 8.1 High
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.
CVE-2022-50593 1 Advantech 1 Iview 2025-12-08 9.8 Critical
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
CVE-2024-48863 1 Qnap 1 License Center 2025-12-08 9.8 Critical
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later
CVE-2025-63690 2 Pig-mesh, Pig4cloud 2 Pig, Pig 2025-12-08 9.1 Critical
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, the eval method in Tomcat's built-in class jakarta.el.ELProcessor can be used to execute commands, leading to a remote code execution vulnerability.
CVE-2025-63691 2 Pig-mesh, Pig4cloud 2 Pig, Pig 2025-12-08 9.6 Critical
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-token/page) has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who has completed login authentication, and it returns the plaintext authentication Tokens of all users currently logged in to the system. As a result, ordinary users can obtain the administrator's authentication Token through this interface, thereby forging an administrator account, gaining the system's management permissions, and taking over the system.
CVE-2025-63784 1 Onlook 1 Onlook 2025-12-08 6.5 Medium
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing a redirect URL. A remote attacker can send a manipulated X-Forwarded-Host header to redirect an authenticated user to an arbitrary external website under their control, which can be exploited for phishing attacks.