Export limit exceeded: 342311 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342311 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3999 | 4 Debian, Gnu, Netapp and 1 more | 16 Debian Linux, Glibc, E-series Performance Analyzer and 13 more | 2025-12-02 | 7.8 High |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | ||||
| CVE-2021-39263 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-02 | 6.7 Medium |
| A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. | ||||
| CVE-2021-39262 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-02 | 6.7 Medium |
| A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. | ||||
| CVE-2025-51736 | 1 Hcltech | 1 Unica | 2025-12-02 | 6.3 Medium |
| File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51735 | 1 Hcltech | 1 Unica | 2025-12-02 | 7.5 High |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2025-12-02 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51733 | 1 Hcltech | 1 Unica | 2025-12-02 | 5.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2023-6659 | 1 Campcodes | 1 Online College Library System | 2025-12-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367. | ||||
| CVE-2023-52177 | 1 Softlabbd | 1 Integrate Google Drive | 2025-12-02 | 5.4 Medium |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | ||||
| CVE-2025-64515 | 1 Maykinmedia | 1 Open Forms | 2025-12-02 | 4.3 Medium |
| Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3. | ||||
| CVE-2025-11446 | 1 Upkeeper | 1 Upkeeper Manager | 2025-12-02 | 6.5 Medium |
| Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.2.0 before 5.2.12. | ||||
| CVE-2025-52666 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | N/A |
| Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error. | ||||
| CVE-2025-9825 | 1 Gitlab | 1 Gitlab | 2025-12-02 | 5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API. | ||||
| CVE-2025-52667 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | 5.4 Medium |
| Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. | ||||
| CVE-2025-52668 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | 5.4 Medium |
| Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | ||||
| CVE-2025-52669 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | N/A |
| Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system. | ||||
| CVE-2025-52670 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | 6.5 Medium |
| Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts | ||||
| CVE-2023-5678 | 2 Openssl, Redhat | 5 Openssl, Enterprise Linux, Jboss Core Services and 2 more | 2025-12-02 | 5.3 Medium |
| Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | ||||
| CVE-2023-5363 | 4 Debian, Netapp, Openssl and 1 more | 16 Debian Linux, H300s, H300s Firmware and 13 more | 2025-12-02 | 7.5 High |
| Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. | ||||
| CVE-2023-46219 | 3 Fedoraproject, Haxx, Redhat | 3 Fedora, Curl, Jboss Core Services | 2025-12-02 | 5.3 Medium |
| When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | ||||