Export limit exceeded: 23530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64403 1 Apache 1 Openoffice 2025-11-13 8.1 High
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.
CVE-2022-26318 1 Watchguard 1 Fireware 2025-11-13 9.8 Critical
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVE-2024-6219 1 Canonical 1 Lxd 2025-11-13 3.8 Low
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
CVE-2025-64406 1 Apache 1 Openoffice 2025-11-13 4.3 Medium
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.
CVE-2025-59118 1 Apache 1 Ofbiz 2025-11-13 7.3 High
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.
CVE-2025-61623 1 Apache 1 Ofbiz 2025-11-13 6.5 Medium
Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.
CVE-2024-9411 1 Ofcms Project 1 Ofcms 2025-11-13 3.5 Low
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-48889 1 Fortinet 2 Fortimanager, Fortimanager Cloud 2025-11-13 7.2 High
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
CVE-2024-45965 1 Contao 1 Contao 2025-11-13 6.4 Medium
Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
CVE-2024-37005 1 Autodesk 9 Advance Steel, Autocad, Autocad Architecture and 6 more 2025-11-13 7.8 High
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2024-57868 1 Lev 1 Web\ 2025-11-13 5.5 Medium
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
CVE-2024-52322 1 Localshop 1 Webservice\ 2025-11-13 5.5 Medium
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
CVE-2024-23454 1 Apache 1 Hadoop 2025-11-13 6.2 Medium
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.
CVE-2025-58133 2 Microsoft, Zoom 3 Windows, Rooms, Zoom 2025-11-13 5.3 Medium
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-3698 1 Tecno 1 Carlcare 2025-11-13 7.5 High
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
CVE-2025-2190 1 Tecno 1 Com.transsnet.store 2025-11-13 8.1 High
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
CVE-2024-7697 2 Tecno, Transsion 2 Com.transsion.carlcare, Carlcare 2025-11-13 7.5 High
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
CVE-2025-1075 1 Checkmk 1 Checkmk 2025-11-13 7.5 High
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.
CVE-2025-12703 2025-11-12 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-37829 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-11-12 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference.