Export limit exceeded: 24864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40917 | 1 Linux | 1 Linux Kernel | 2025-10-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: memblock: make memblock_set_node() also warn about use of MAX_NUMNODES On an (old) x86 system with SRAT just covering space above 4Gb: ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplug the commit referenced below leads to this NUMA configuration no longer being refused by a CONFIG_NUMA=y kernel (previously NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used. No NUMA configuration found Faking a node at [mem 0x0000000000000000-0x000000027fffffff] was seen in the log directly after the message quoted above), because of memblock_validate_numa_coverage() checking for NUMA_NO_NODE (only). This in turn led to memblock_alloc_range_nid()'s warning about MAX_NUMNODES triggering, followed by a NULL deref in memmap_init() when trying to access node 64's (NODE_SHIFT=6) node data. To compensate said change, make memblock_set_node() warn on and adjust a passed in value of MAX_NUMNODES, just like various other functions already do. | ||||
| CVE-2025-5326 | 1 Zhilink | 1 Adp Application Developer Platform | 2025-10-03 | 6.3 Medium |
| A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-54468 | 2 Rancher, Suse | 2 Rancher, Rancher | 2025-10-03 | 4.7 Medium |
| A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. | ||||
| CVE-2025-40645 | 1 Viday | 1 Viday | 2025-10-03 | N/A |
| Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter. | ||||
| CVE-2025-2043 | 1 Pb-cms Project | 1 Pb-cms | 2025-10-03 | 4.7 Medium |
| A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /admin#themes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2025-10-02 | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | ||||
| CVE-2014-2346 | 1 Copadata | 2 Zenon Dnp3 Ng Driver, Zenon Dnp3 Process Gateway | 2025-10-02 | N/A |
| COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line. | ||||
| CVE-2014-2345 | 1 Copadata | 2 Zenon Dnp3 Ng Driver, Zenon Dnp3 Process Gateway | 2025-10-02 | N/A |
| COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP. | ||||
| CVE-2014-2343 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | ||||
| CVE-2014-2342 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | ||||
| CVE-2024-45431 | 1 Opensynergy | 1 Blue Sdk | 2025-10-02 | 5.3 Medium |
| OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID (CID). An attacker can leverage this to create an L2CAP channel with the null identifier assigned as a remote CID. | ||||
| CVE-2025-10321 | 1 Wavlink | 2 Wl-wn578w2, Wl-wn578w2 Firmware | 2025-10-02 | 5.3 Medium |
| A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11149 | 2 @nubosoftware/node-static Project, Node-static Project | 2 @nubosoftware/node-static, Node-static | 2025-10-02 | 7.5 High |
| This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. | ||||
| CVE-2025-59940 | 2 Mkdocs, Mondeja | 2 Mkdocs, Mkdocs-include-markdown-plugin | 2025-10-02 | 6.5 Medium |
| mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8. | ||||
| CVE-2025-10744 | 2 Softdiscover, Wordpress | 2 File Manager Code Editor And Backup, Wordpress | 2025-10-02 | 5.3 Medium |
| The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files. | ||||
| CVE-2025-54477 | 1 Joomla | 2 Joomla, Joomla! | 2025-10-02 | 5.3 Medium |
| Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. | ||||
| CVE-2025-10155 | 1 Mmaitre314 | 1 Picklescan | 2025-10-02 | 7.8 High |
| An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code. | ||||
| CVE-2025-51643 | 1 Meitrack | 2 T366l-g, T366l-g Firmware | 2025-10-02 | 2.4 Low |
| Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter | ||||
| CVE-2025-40836 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | 9.8 Critical |
| Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. | ||||
| CVE-2025-46658 | 1 4cstrategies | 1 Exonaut | 2025-10-02 | 9.8 Critical |
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | ||||