Export limit exceeded: 341102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54384 | 1 Ckan | 1 Ckan | 2025-10-30 | 6.3 Medium |
| CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages (plus any page provided by an extension that used that helper function), leading to a potential XSS vector. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4. | ||||
| CVE-2025-12461 | 1 Grupo Castilla | 1 Epsilon Rh | 2025-10-30 | N/A |
| This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed. | ||||
| CVE-2025-12147 | 1 Search-guard | 1 Search Guard | 2025-10-30 | N/A |
| In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search operations. However, the object members (i.e., child attributes) remain accessible to search queries. This exposure allows adversaries to infer or reconstruct the original contents of the excluded object. Workaround - If you cannot upgrade immediately and FLS exclusion rules are used for object valued attributes (like ~object), add an additional exclusion rule for the members of the object (like ~object.*). | ||||
| CVE-2025-12058 | 1 Keras | 1 Keras | 2025-10-30 | 5.5 Medium |
| The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path. * Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system. * Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition. The security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access. | ||||
| CVE-2025-11881 | 2 Apppresser, Wordpress | 2 Apppresser, Wordpress | 2025-10-30 | 5.3 Medium |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myappp_verify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data including plugin and theme names and version numbers, which can be used to facilitate targeted attacks against outdated or vulnerable components. | ||||
| CVE-2025-11627 | 1 Wordpress | 1 Wordpress | 2025-10-30 | 6.5 Medium |
| The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary content into log files, and potentially cause denial of service via disk space exhaustion. | ||||
| CVE-2025-10636 | 2 Nsthemes, Wordpress | 2 Ns Maintenance Mode For Wp, Wordpress | 2025-10-30 | 3.5 Low |
| The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-58269 | 1 Suse | 1 Rancher | 2025-10-30 | 4.3 Medium |
| A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs. | ||||
| CVE-2024-14012 | 2 Microsoft, Revenera | 2 Windows, Installshield | 2025-10-30 | N/A |
| Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later. | ||||
| CVE-2023-32199 | 1 Suse | 1 Rancher | 2025-10-30 | 4.3 Medium |
| A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs | ||||
| CVE-2025-12475 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2025-10-30 | 6.4 Medium |
| The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-7320 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-10-30 | 5.3 Medium |
| The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information). | ||||
| CVE-2025-62797 | 1 Rathena | 1 Fluxcp | 2025-10-30 | N/A |
| FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authorized solely by the session cookie without per-request anti-CSRF tokens or robust Origin/Referer validation. An attacker who can lure a logged-in user to an attacker-controlled page can cause that user to perform sensitive actions without their intent. This vulnerability is fixed with commit e3f130c. | ||||
| CVE-2025-62776 | 2 Microsoft, Wireless Tsukamoto | 2 Windows, Wtw Eagle | 2025-10-30 | N/A |
| The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2025-61161 | 1 Evope | 1 Collector | 2025-10-30 | 8.4 High |
| DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. The vulnerable component is Evope.Service.exe, which runs with SYSTEM privileges and automatically loads the DLL on startup or reboot. | ||||
| CVE-2025-57227 | 2 Kingosoft, Root | 2 Kingo Root, Root | 2025-10-30 | 7.8 High |
| An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder. | ||||
| CVE-2025-54549 | 1 Arista | 1 Danz Monitoring Fabric | 2025-10-30 | 5.9 Medium |
| Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO | ||||
| CVE-2025-54548 | 1 Arista | 1 Danz Monitoring Fabric | 2025-10-30 | 4.3 Medium |
| On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes) | ||||
| CVE-2025-54471 | 1 Suse | 1 Neuvector | 2025-10-30 | 6.5 Medium |
| NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. | ||||
| CVE-2025-54470 | 1 Suse | 1 Neuvector | 2025-10-30 | 8.6 High |
| This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server is loaded into memory without size limitation, which makes it vulnerable to a Denial of Service(DoS) attack | ||||