Export limit exceeded: 366485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366485 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7893 1 Foresightnews 1 Foresight News 2025-09-17 5.3 Medium
A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7894 1 Onyx 1 Onyx 2025-09-17 6.3 Medium
A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interface. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8129 1 Koajs 1 Koa 2025-09-17 3.5 Low
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8203 1 Jingmen Zeyou 1 Large File Upload Control 2025-09-17 6.3 Medium
A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-38380 1 Linux 1 Linux Kernel 2025-09-17 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-5754 1 Zephyrproject 1 Zephyr 2025-09-17 8.2 High
BT: Encryption procedure host vulnerability
CVE-2024-6137 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-09-17 7.6 High
BT: Classic: SDP OOB access in get_att_search_list
CVE-2024-6259 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-09-17 7.6 High
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
CVE-2025-52037 1 Exe-system 1 Notescms 2025-09-17 6.1 Medium
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
CVE-2025-9072 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-17 7.6 High
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
CVE-2025-9084 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-17 3.1 Low
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs
CVE-2025-9078 1 Mattermost 2 Mattermost, Mattermost Server 2025-09-17 4.3 Medium
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing
CVE-2023-53227 1 Linux 1 Linux Kernel 2025-09-17 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-50290 1 Linux 1 Linux Kernel 2025-09-17 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-8798 1 Zephyrproject 1 Zephyr 2025-09-17 7.5 High
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVE-2024-6258 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-09-17 6.8 Medium
BT: Missing length checks of net_buf in rfcomm_handle_data
CVE-2024-4008 1 Abb 10 2tma310010b0001, 2tma310010b0001 Firmware, 2tma310010b0003 and 7 more 2025-09-17 9.6 Critical
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System
CVE-2024-5931 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-09-17 6.3 Medium
BT: Unchecked user input in bap_broadcast_assistant
CVE-2024-4785 1 Zephyrproject 1 Zephyr 2025-09-17 7.6 High
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
CVE-2025-8159 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2025-09-16 8.8 High
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.