Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366369 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-55955 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2025-09-09 6.7 Medium
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-46916 1 Dieboldnixdorf 1 Vynamic Security Suite 2025-09-09 8.1 High
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
CVE-2025-0289 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 7.8 High
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
CVE-2024-46917 1 Dieboldnixdorf 1 Vynamic Security Suite 2025-09-09 8.1 High
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
CVE-2025-55579 1 Solidinvoice 1 Solidinvoice 2025-09-09 5.4 Medium
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
CVE-2025-0288 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 7.8 High
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.
CVE-2025-55580 1 Solidinvoice 1 Solidinvoice 2025-09-09 5.4 Medium
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
CVE-2025-0286 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 8.4 High
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine.
CVE-2025-55763 1 Civetweb Project 1 Civetweb 2025-09-09 7.5 High
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
CVE-2025-0285 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 7.8 High
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits.
CVE-2025-47793 1 Nextcloud 2 Group Folders, Nextcloud Server 2025-09-08 4.3 Medium
Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.
CVE-2025-47792 1 Nextcloud 1 Desktop 2025-09-08 5 Medium
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.
CVE-2025-23207 2 Katex, Redhat 2 Katex, Openshift Devspaces 2025-09-08 6.3 Medium
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands, forbid inputs containing the substring `"\\htmlData"` and sanitize HTML output from KaTeX.
CVE-2025-49217 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
CVE-2025-49216 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
CVE-2025-49215 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 8.8 High
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49214 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 8.8 High
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2025-49213 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
CVE-2025-49212 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 9.8 Critical
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
CVE-2025-49211 2 Microsoft, Trendmicro 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption 2025-09-08 7.7 High
A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.