Export limit exceeded: 364930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364930 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7458 1 Sqlite 1 Sqlite 2025-08-11 9.1 Critical
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
CVE-2025-53082 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 6.1 Medium
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
CVE-2025-53081 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 6.4 Medium
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
CVE-2025-53080 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 7.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
CVE-2025-53079 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 4.9 Medium
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
CVE-2025-53078 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 8 High
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
CVE-2025-53077 1 Samsung 2 Data Management Server, Data Management Server Firmware 2025-08-11 6.5 Medium
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
CVE-2025-8279 1 Gitlab 2 Gitlab-language-server, Language Server 2025-08-11 8.7 High
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution
CVE-2025-8183 1 D3tn 1 Ud3tn 2025-08-11 7.5 High
NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS
CVE-2025-52082 1 Netgear 2 Xr300, Xr300 Firmware 2025-08-11 6.5 Medium
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.
CVE-2025-52080 1 Netgear 2 Xr300, Xr300 Firmware 2025-08-11 6.5 Medium
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.
CVE-2025-5495 1 Netgear 2 Wnr614, Wnr614 Firmware 2025-08-11 7.3 High
A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.
CVE-2025-5990 1 Craftycontrol 1 Crafty Controller 2025-08-11 7.6 High
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.
CVE-2025-32797 1 Anaconda 1 Conda-build 2025-08-11 7.0 High
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.
CVE-2025-20234 2 Cisco, Clamav 3 Secure Endpoint, Secure Endpoint Private Cloud, Clamav 2025-08-11 5.3 Medium
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .
CVE-2025-49591 1 Xwiki 1 Cryptpad 2025-08-11 9.1 Critical
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0.
CVE-2025-49590 1 Xwiki 1 Cryptpad 2025-08-11 6.1 Medium
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0.
CVE-2025-5071 1 Meowapps 1 Ai Engine 2025-08-11 8.8 High
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
CVE-2024-37507 1 Themewinter 1 Eventin 2025-08-11 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57.
CVE-2024-39648 2 Themewinter, Wordpress 2 Eventin, Wordpress 2025-08-11 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5.