Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56132 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | 8.4 High |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | ||||
| CVE-2024-56133 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | 8.4 High |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | ||||
| CVE-2024-56134 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | 8.4 High |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | ||||
| CVE-2024-56135 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | 8.4 High |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | ||||
| CVE-2025-1007 | 1 Eclipse | 1 Open Vsx | 2025-07-31 | 5.3 Medium |
| In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo. | ||||
| CVE-2025-20153 | 1 Cisco | 1 Secure Email Gateway | 2025-07-31 | 5.8 Medium |
| A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. | ||||
| CVE-2025-54829 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54828 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54827 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54826 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54825 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54824 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-54823 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2023-41674 | 2025-07-31 | N/A | ||
| Not used | ||||
| CVE-2025-7356 | 2025-07-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-11478 | 2025-07-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-1793 | 1 Llamaindex | 1 Llamaindex | 2025-07-30 | 9.1 Critical |
| Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application. | ||||
| CVE-2025-3108 | 1 Llamaindex | 1 Llamaindex | 2025-07-30 | 7.5 High |
| A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines. | ||||
| CVE-2025-3044 | 1 Llamaindex | 1 Llamaindex | 2025-07-30 | N/A |
| A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28. | ||||
| CVE-2025-3046 | 1 Llamaindex | 1 Llamaindex | 2025-07-30 | N/A |
| A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information. | ||||