Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364612 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-56132 1 Progress 2 Loadmaster, Multi-tenant Loadmaster 2025-07-31 8.4 High
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
CVE-2024-56133 1 Progress 2 Loadmaster, Multi-tenant Loadmaster 2025-07-31 8.4 High
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
CVE-2024-56134 1 Progress 2 Loadmaster, Multi-tenant Loadmaster 2025-07-31 8.4 High
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
CVE-2024-56135 1 Progress 2 Loadmaster, Multi-tenant Loadmaster 2025-07-31 8.4 High
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
CVE-2025-1007 1 Eclipse 1 Open Vsx 2025-07-31 5.3 Medium
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
CVE-2025-20153 1 Cisco 1 Secure Email Gateway 2025-07-31 5.8 Medium
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.   This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.
CVE-2025-54829 2025-07-31 N/A
Not used
CVE-2025-54828 2025-07-31 N/A
Not used
CVE-2025-54827 2025-07-31 N/A
Not used
CVE-2025-54826 2025-07-31 N/A
Not used
CVE-2025-54825 2025-07-31 N/A
Not used
CVE-2025-54824 2025-07-31 N/A
Not used
CVE-2025-54823 2025-07-31 N/A
Not used
CVE-2023-41674 2025-07-31 N/A
Not used
CVE-2025-7356 2025-07-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-11478 2025-07-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-1793 1 Llamaindex 1 Llamaindex 2025-07-30 9.1 Critical
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
CVE-2025-3108 1 Llamaindex 1 Llamaindex 2025-07-30 7.5 High
A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.
CVE-2025-3044 1 Llamaindex 1 Llamaindex 2025-07-30 N/A
A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.
CVE-2025-3046 1 Llamaindex 1 Llamaindex 2025-07-30 N/A
A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.