Export limit exceeded: 342305 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342305 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64695 | 3 Logstare, Microsoft, Secuavail | 3 Collector, Windows, Logstare Collector | 2025-12-02 | N/A |
| Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
| CVE-2025-8291 | 1 Python | 1 Cpython | 2025-12-02 | 4.3 Medium |
| The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value. | ||||
| CVE-2025-33196 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 4.4 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-33197 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 4.3 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33198 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 3.3 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-33199 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 3.2 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2025-33200 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 2.3 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2024-45370 | 1 Socomec | 1 Easy Config System | 2025-12-02 | 7.3 High |
| An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability. | ||||
| CVE-2025-8351 | 2 Apple, Avast | 2 Macos, Antivirus | 2025-12-02 | 9 Critical |
| Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98. | ||||
| CVE-2025-7007 | 3 Apple, Avast, Linux | 3 Macos, Antivirus, Linux | 2025-12-02 | 7.5 High |
| NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3. | ||||
| CVE-2025-58484 | 1 Samsung | 4 Assistant, Cloud, Mobile and 1 more | 2025-12-02 | 4 Medium |
| Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox. | ||||
| CVE-2025-13829 | 1 Ngsurvey | 1 Ngsurvey | 2025-12-02 | N/A |
| Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes user Session) * Password hashed with bcrypt * User IP * Email * Full Name | ||||
| CVE-2025-13697 | 2 Wordpress, Wpblockart | 2 Wordpress, Blockart Blocks | 2025-12-02 | 6.4 Medium |
| The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12529 | 2 Stylemixthemes, Wordpress | 2 Cost Calculator Builder, Wordpress | 2025-12-02 | 8.8 High |
| The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable. | ||||
| CVE-2025-13387 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2025-12-02 | 7.2 High |
| The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-11772 | 1 Synaptics | 1 Fingerprint Driver | 2025-12-02 | 6.6 Medium |
| A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation. | ||||
| CVE-2025-13606 | 2 Smackcoders, Wordpress | 2 Export All Posts, Products, Orders, Refunds & Users, Wordpress | 2025-12-02 | 6.5 Medium |
| The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the `parseData` function. This makes it possible for unauthenticated attackers to export sensitive information including user data, email addresses, password hashes, and WooCommerce data to an attacker-controlled file path on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13653 | 1 Search-guard | 1 Search Guard | 2025-12-02 | 4.3 Medium |
| In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges. | ||||
| CVE-2025-13315 | 3 Linux, Lynxtechnology, Microsoft | 4 Linux, Linux Kernel, Twonky Server and 1 more | 2025-12-02 | 9.8 Critical |
| Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password. | ||||
| CVE-2025-54866 | 2 Microsoft, Wazuh | 2 Windows, Wazuh | 2025-12-02 | 5.5 Medium |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0. | ||||