Export limit exceeded: 366043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57772 1 Dataease 1 Dataease 2025-09-03 9.8 Critical
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.
CVE-2025-8548 2 Atjiu, Pybbs Project 2 Pybbs, Pybbs 2025-09-03 3.7 Low
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
CVE-2025-8549 2 Atjiu, Pybbs Project 2 Pybbs, Pybbs 2025-09-03 3.7 Low
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
CVE-2024-49972 1 Linux 1 Linux Kernel 2025-09-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory if DML memory allocation fails.
CVE-2024-43886 1 Linux 1 Linux Kernel 2025-09-03 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update.
CVE-2024-5657 1 Born05 1 Two-factor Authentication 2025-09-03 3.7 Low
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
CVE-2024-5658 1 Born05 2 Craft Cms, Two-factor Authentication 2025-09-03 4.8 Medium
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
CVE-2025-58170 2025-09-03 N/A
This CVE is a duplicate of another CVE.
CVE-2025-58169 2025-09-03 N/A
This CVE is a duplicate of another CVE.
CVE-2025-58168 2025-09-03 N/A
This CVE is a duplicate of another CVE.
CVE-2025-58167 2025-09-03 N/A
This CVE is a duplicate of another CVE.
CVE-2025-58166 2025-09-03 N/A
This CVE is a duplicate of another CVE.
CVE-2025-58165 2025-09-03 N/A
This CVE is a duplicate of another CVE, CVE-2025-58163.
CVE-2025-58164 2025-09-03 N/A
This CVE is a duplicate of another CVE, CVE-2025-58163.
CVE-2024-27101 1 Authzed 1 Spicedb 2025-09-02 7.3 High
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
CVE-2025-26623 2 Exiv2, Redhat 2 Exiv2, Enterprise Linux 2025-09-02 9.8 Critical
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-25574 1 Jupyter 1 Lti Jupyterhub Authenticator 2025-09-02 10 Critical
`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available.
CVE-2025-1817 1 Projectteam 1 Mini-tmall 2025-09-02 2.4 Low
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1843 1 Project Team 1 Tmall Demo 2025-09-02 6.3 Medium
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-47092 1 Heinlein-support 1 Check Mk Python Api 2025-09-02 9.8 Critical
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1