Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21089 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2025-22443 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2025-22837 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. | ||||
| CVE-2025-22841 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2025-22897 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. | ||||
| CVE-2025-23024 | 1 Glpi-project | 1 Glpi | 2025-07-12 | N/A |
| GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file. | ||||
| CVE-2025-23240 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.8 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-23409 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.8 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-24023 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-07-12 | 3.7 Low |
| Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3. | ||||
| CVE-2025-24408 | 1 Adobe | 1 Adobe Commerce | 2025-07-12 | 6.5 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-24972 | 1 Discourse | 1 Discourse | 2025-07-12 | 4.3 Medium |
| Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats. | ||||
| CVE-2025-25185 | 1 Binary-husky | 1 Gpt Academic | 2025-07-12 | 7.5 High |
| GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. | ||||
| CVE-2025-25301 | 1 Danielgatis | 1 Rembg | 2025-07-12 | N/A |
| Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure. | ||||
| CVE-2025-26374 | 1 Q-free | 1 Maxtime | 2025-07-12 | 6.5 Medium |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | ||||
| CVE-2025-27590 | 1 Oxidized Web Project | 1 Oxidized Web | 2025-07-12 | 9 Critical |
| In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. | ||||
| CVE-2025-53879 | 2025-07-12 | N/A | ||
| Not used | ||||
| CVE-2025-53878 | 2025-07-12 | N/A | ||
| Not used | ||||
| CVE-2025-53877 | 2025-07-12 | N/A | ||
| Not used | ||||
| CVE-2025-53876 | 2025-07-12 | N/A | ||
| Not used | ||||
| CVE-2025-53875 | 2025-07-12 | N/A | ||
| Not used | ||||