Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1410 | 1 Cisco | 1 Webex Meetings | 2025-08-05 | 4.3 Medium |
| A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2021-1132 | 1 Cisco | 1 Network Services Orchestrator | 2025-08-05 | 5.3 Medium |
| A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-54980 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54979 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54978 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54977 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54976 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54975 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54974 | 2025-08-05 | N/A | ||
| Not used | ||||
| CVE-2025-54797 | 2025-08-05 | N/A | ||
| This CVE is a duplicate of CVE-2025-52464. | ||||
| CVE-2025-50065 | 1 Oracle | 1 Graalvm For Jdk | 2025-08-04 | 3.7 Low |
| Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2025-30752 | 1 Oracle | 4 Graalvm For Jdk, Java Se, Jdk and 1 more | 2025-08-04 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2025-40686 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php. | ||||
| CVE-2025-40685 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php. | ||||
| CVE-2025-40684 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php. | ||||
| CVE-2025-40683 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php. | ||||
| CVE-2025-40682 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | 9.8 Critical |
| SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint. | ||||
| CVE-2018-18748 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | N/A |
| Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality | ||||
| CVE-2024-52538 | 1 Dell | 2 Avamar Data Store, Avamar Server | 2025-08-04 | 7.6 High |
| Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2024-47977 | 1 Dell | 2 Avamar Data Store, Avamar Server | 2025-08-04 | 7.1 High |
| Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||