Export limit exceeded: 14587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366588 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366588 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59111 1 Windu 1 Windu Cms 2025-12-05 6.5 Medium
Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.
CVE-2025-59110 1 Windu 1 Windu Cms 2025-12-05 6.5 Medium
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.
CVE-2025-66544 2025-12-05 N/A
Not used
CVE-2025-66543 2025-12-05 N/A
Not used
CVE-2025-66542 2025-12-05 N/A
Not used
CVE-2025-66541 2025-12-05 N/A
Not used
CVE-2025-66540 2025-12-05 N/A
Not used
CVE-2025-66539 2025-12-05 N/A
Not used
CVE-2025-66538 2025-12-05 N/A
Not used
CVE-2025-66537 2025-12-05 N/A
Not used
CVE-2025-66536 2025-12-05 N/A
Not used
CVE-2025-9553 2 Api Key Manager Project, Drupal 3 Api Key Manager, Api Key Manager, Drupal 2025-12-05 5.3 Medium
Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.
CVE-2025-9554 2 Drupal, Owl Carousel 2 Project 2 Drupal, Owl Carousel 2 2025-12-05 5.3 Medium
Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
CVE-2025-59048 1 Openbao 2 Aws Plugin, Openbao 2025-12-05 8.1 High
OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access. This impacts all users of the auth-aws plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts. This vulnerability has been patched in version 0.1.1 of the auth-aws plugin. A workaround for this issue involves guaranteeing that IAM role names are unique across all AWS accounts that could potentially interact with your OpenBao environment, and to audit for any duplicate IAM roles.
CVE-2025-11154 2 Themeatelier, Wordpress 2 Idonate, Wordpress 2025-12-05 5.4 Medium
The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users.
CVE-2025-5114 1 Easycorp 1 Zentao 2025-12-05 6.3 Medium
A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-48057 1 Icinga 1 Icinga 2025-12-05 9.8 Critical
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.
CVE-2023-26226 1 Yandex 1 Yandex Browser 2025-12-05 9.8 Critical
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
CVE-2025-20994 1 Samsung 1 Internet 2025-12-04 4.5 Medium
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
CVE-2025-20995 1 Samsung 1 Internet 2025-12-04 4.9 Medium
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.