Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-21089 1 Openharmony 1 Openharmony 2025-07-12 3.3 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22443 1 Openharmony 1 Openharmony 2025-07-12 3.3 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22837 1 Openharmony 1 Openharmony 2025-07-12 3.3 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2025-22841 1 Openharmony 1 Openharmony 2025-07-12 3.3 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22897 1 Openharmony 1 Openharmony 2025-07-12 3.3 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2025-23024 1 Glpi-project 1 Glpi 2025-07-12 N/A
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.
CVE-2025-23240 1 Openharmony 1 Openharmony 2025-07-12 3.8 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-23409 1 Openharmony 1 Openharmony 2025-07-12 3.8 Low
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-24023 1 Dpgaspar 1 Flask-appbuilder 2025-07-12 3.7 Low
Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
CVE-2025-24408 1 Adobe 1 Adobe Commerce 2025-07-12 6.5 Medium
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
CVE-2025-24972 1 Discourse 1 Discourse 2025-07-12 4.3 Medium
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.
CVE-2025-25185 1 Binary-husky 1 Gpt Academic 2025-07-12 7.5 High
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.
CVE-2025-25301 1 Danielgatis 1 Rembg 2025-07-12 N/A
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.
CVE-2025-26374 1 Q-free 1 Maxtime 2025-07-12 6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-27590 1 Oxidized Web Project 1 Oxidized Web 2025-07-12 9 Critical
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
CVE-2025-53879 2025-07-12 N/A
Not used
CVE-2025-53878 2025-07-12 N/A
Not used
CVE-2025-53877 2025-07-12 N/A
Not used
CVE-2025-53876 2025-07-12 N/A
Not used
CVE-2025-53875 2025-07-12 N/A
Not used