Export limit exceeded: 367105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61715 | 2025-10-01 | N/A | ||
| Not used | ||||
| CVE-2025-61714 | 2025-10-01 | N/A | ||
| Not used | ||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2025-10-01 | 4.2 Medium |
| An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | ||||
| CVE-2024-4196 | 1 Avaya | 1 Ip Office | 2025-10-01 | 10 Critical |
| An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1. | ||||
| CVE-2024-12756 | 1 Avaya | 1 Spaces | 2025-10-01 | 7.3 High |
| An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | ||||
| CVE-2025-29932 | 1 Jetbrains | 1 Goland | 2025-09-30 | 4.1 Medium |
| In JetBrains GoLand before 2025.1 an XXE during debugging was possible | ||||
| CVE-2025-30232 | 1 Exim | 1 Exim | 2025-09-30 | 8.1 High |
| A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | ||||
| CVE-2025-32054 | 1 Jetbrains | 1 Intellij Idea | 2025-09-30 | 3.3 Low |
| In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file | ||||
| CVE-2024-52974 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them. | ||||
| CVE-2024-52980 | 1 Elastic | 1 Elasticsearch | 2025-09-30 | 6.5 Medium |
| A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them. | ||||
| CVE-2024-40513 | 1 Themesbrand | 1 Chatvia | 2025-09-30 | 4.6 Medium |
| An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. | ||||
| CVE-2024-40514 | 1 Themesbrand | 1 Chatvia | 2025-09-30 | 4.6 Medium |
| Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | ||||
| CVE-2022-40285 | 2025-09-30 | N/A | ||
| DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-13967. Reason: This record is a reservation duplicate of CVE-2024-13967. Notes: All CVE users should reference CVE-2024-13967 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | ||||
| CVE-2024-52973 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana. | ||||
| CVE-2024-48392 | 1 Orangescrum | 1 Orangescrum | 2025-09-30 | 5.4 Medium |
| OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover. | ||||
| CVE-2024-43707 | 1 Elastic | 1 Kibana | 2025-09-30 | 7.7 High |
| An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions. | ||||
| CVE-2024-43710 | 1 Elastic | 1 Kibana | 2025-09-30 | 4.3 Medium |
| A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet. | ||||
| CVE-2024-52972 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana. | ||||
| CVE-2024-43708 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana. | ||||
| CVE-2025-53494 | 2 Mediawiki, Wmde-fisch | 2 Mediawiki, Twocolconflict | 2025-09-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS.This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||