Export limit exceeded: 10718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363139 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 14740 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3115 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 5.4 Medium |
| An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. | ||||
| CVE-2023-0989 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | ||||
| CVE-2025-54339 | 1 Desktopalert | 2 Pingalert, Pingalert Application Server | 2025-11-19 | 10 Critical |
| An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. | ||||
| CVE-2025-54343 | 1 Desktopalert | 2 Pingalert, Pingalert Application Server | 2025-11-19 | 9.6 Critical |
| An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. | ||||
| CVE-2025-0364 | 1 Bigantsoft | 1 Bigant Server | 2025-11-19 | 9.8 Critical |
| BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. | ||||
| CVE-2024-28390 | 1 Advancedplugins | 1 Ultimateimagetool | 2025-11-19 | 9.8 Critical |
| An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. | ||||
| CVE-2024-6364 | 1 Absolute | 1 Persistence | 2025-11-19 | 6.4 Medium |
| A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below. | ||||
| CVE-2015-6867 | 1 Opentext | 1 Vertica | 2025-11-19 | N/A |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | ||||
| CVE-2023-51767 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2025-11-18 | 7 High |
| OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses." | ||||
| CVE-2025-45237 | 1 Dbsyncer Project | 1 Dbsyncer | 2025-11-18 | 7.5 High |
| Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password. | ||||
| CVE-2025-63666 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-11-18 | 9.8 Critical |
| Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources. | ||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.1 Medium |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2025-34298 | 1 Nagios | 1 Log Server | 2025-11-17 | 8.8 High |
| Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls. | ||||
| CVE-2025-10081 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Management System | 2025-11-17 | 4.7 Medium |
| A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-10085 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10083 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium |
| A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-46990 | 2 Directus, Monospace | 2 Directus, Directus | 2025-11-17 | 5 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range which will block access to any `127.X.X.X` ip instead of just `127.0.0.1`. | ||||
| CVE-2025-11942 | 1 70mai | 2 X200, X200 Firmware | 2025-11-17 | 7.3 High |
| A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13061 | 2 Angeljudesuarez, Itsourcecode | 2 Online Voting System, Online Voting System | 2025-11-17 | 6.3 Medium |
| A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-46362 | 1 Dell | 1 Alienware Command Center | 2025-11-17 | 6.6 Medium |
| Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | ||||