Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6344 1 Zkteco 1 Zkbiosecurity V5000 2025-07-10 2.4 Low
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that "[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above". This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-53753 2025-07-10 N/A
Not used
CVE-2025-53752 2025-07-10 N/A
Not used
CVE-2025-53751 2025-07-10 N/A
Not used
CVE-2025-53750 2025-07-10 N/A
Not used
CVE-2025-53749 2025-07-10 N/A
Not used
CVE-2025-53748 2025-07-10 N/A
Not used
CVE-2025-53747 2025-07-10 N/A
Not used
CVE-2025-53746 2025-07-10 N/A
Not used
CVE-2025-52900 1 Filebrowser 1 Filebrowser 2025-07-10 5.5 Medium
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.
CVE-2025-52902 1 Filebrowser 1 Filebrowser 2025-07-10 7.6 High
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.
CVE-2025-6701 1 Xuxueli 1 Xxl-sso 2025-07-10 3.5 Low
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6702 1 Linlinjava 1 Litemall 2025-07-10 4.3 Medium
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-52928 2 Microsoft, Thebrowser 2 Windows, Arc 2025-07-10 9.6 Critical
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-6843 1 Fabian 1 Simple Photo Gallery 2025-07-10 7.3 High
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6280 1 Superagi 1 Superagi 2025-07-09 5.5 Medium
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
CVE-2025-0646 2025-07-09 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-10391 2025-07-09 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-3025 1 Mintplexlabs 1 Anythingllm 2025-07-09 N/A
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
CVE-2024-3101 1 Mintplexlabs 1 Anythingllm 2025-07-09 7.2 High
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.