Export limit exceeded: 363250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22270 2 Apple, Vmware 3 Macos, Fusion, Workstation 2025-06-27 7.1 High
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2024-22269 2 Apple, Vmware 3 Macos, Fusion, Workstation 2025-06-27 7.1 High
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2024-24401 1 Nagios 1 Nagios Xi 2025-06-27 9.8 Critical
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
CVE-2025-27585 1 Serosoft 1 Academia Student Information System 2025-06-27 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.
CVE-2024-27297 1 Nixos 1 Nix 2025-06-27 6.3 Medium
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-53382 1 Prismjs 1 Prism 2025-06-27 4.9 Medium
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
CVE-2024-53386 1 Piqnt 1 Stage.js 2025-06-27 4.9 Medium
Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
CVE-2025-27520 1 Bentoml 1 Bentoml 2025-06-27 9.8 Critical
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3.
CVE-2025-3531 1 Youdiancms 1 Youdiancms 2025-06-27 4.3 Medium
A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3532 1 Youdiancms 1 Youdiancms 2025-06-27 4.3 Medium
A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3533 1 Youdiancms 1 Youdiancms 2025-06-27 4.3 Medium
A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-23137 1 Linux 1 Linux Kernel 2025-06-27 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Check if policy is NULL before dereferencing it in amd_pstate_update.
CVE-2025-52875 1 Jetbrains 1 Teamcity 2025-06-27 5.4 Medium
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
CVE-2025-52878 1 Jetbrains 1 Teamcity 2025-06-27 4.3 Medium
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
CVE-2025-52877 1 Jetbrains 1 Teamcity 2025-06-27 4.8 Medium
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
CVE-2025-52879 1 Jetbrains 1 Teamcity 2025-06-27 4.8 Medium
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
CVE-2023-47298 1 Ncr 1 Terminal Handler 2025-06-27 4.3 Medium
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
CVE-2023-47297 1 Ncr 1 Terminal Handler 2025-06-27 9.8 Critical
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
CVE-2023-47031 1 Ncr 1 Terminal Handler 2025-06-27 9.8 Critical
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
CVE-2023-47030 1 Ncr 1 Terminal Handler 2025-06-27 9.8 Critical
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.