Search Results (344011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8797 | 2 Litmus Project, Litmuschaos | 2 Litmus, Litmus | 2025-09-02 | 6.3 Medium |
| A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8812 | 2 Atjiu, Pybbs Project | 2 Pybbs, Pybbs | 2025-09-02 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-8813 | 2 Atjiu, Pybbs Project | 2 Pybbs, Pybbs | 2025-09-02 | 3.5 Low |
| A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-8814 | 2 Atjiu, Pybbs Project | 2 Pybbs, Pybbs | 2025-09-02 | 4.3 Medium |
| A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-3733 | 1 Baguettebox.js Project | 1 Baguettebox.js | 2025-09-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS). This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1. | ||||
| CVE-2025-3734 | 1 Stage File Proxy Project | 1 Stage File Proxy | 2025-09-02 | 5.9 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding. This issue affects Stage File Proxy: from 0.0.0 before 3.1.5. | ||||
| CVE-2025-3735 | 1 Panelizer \(obsolete\) Project | 1 Panelizer \(obsolete\) | 2025-09-02 | 5.9 Medium |
| Vulnerability in Drupal Panelizer (obsolete). This issue affects Panelizer (obsolete): *.*. | ||||
| CVE-2025-3736 | 1 Simple Gtm Project | 1 Simple Gtm | 2025-09-02 | 5.9 Medium |
| Vulnerability in Drupal Simple GTM. This issue affects Simple GTM: *.*. | ||||
| CVE-2025-3737 | 1 Google Maps\ | 1 Store Locator Project | 2025-09-02 | 5.9 Medium |
| Vulnerability in Drupal Google Maps: Store Locator. This issue affects Google Maps: Store Locator: *.*. | ||||
| CVE-2024-33663 | 2 Python-jose Project, Redhat | 2 Python-jose, Ansible Automation Platform | 2025-09-02 | 6.5 Medium |
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. | ||||
| CVE-2025-3738 | 1 Google Optimize Project | 1 Google Optimize | 2025-09-02 | 5.9 Medium |
| Vulnerability in Drupal Google Optimize. This issue affects Google Optimize: *.*. | ||||
| CVE-2025-3903 | 1 Ueditor Project | 1 Ueditor | 2025-09-02 | 7.3 High |
| Vulnerability in Drupal UEditor - 百度编辑器. This issue affects UEditor - 百度编辑器: *.*. | ||||
| CVE-2025-3904 | 1 Sportsleague Project | 1 Sportsleague | 2025-09-02 | 7.3 High |
| Vulnerability in Drupal Sportsleague. This issue affects Sportsleague: *.*. | ||||
| CVE-2025-3907 | 1 Drunkenmonkey | 1 Search Api Solr | 2025-09-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery. This issue affects Search API Solr: from 0.0.0 before 4.3.9. | ||||
| CVE-2024-52888 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2025-09-02 | 5.4 Medium |
| For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. | ||||
| CVE-2024-52887 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2025-09-02 | 3.5 Low |
| Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. | ||||
| CVE-2024-33664 | 1 Python-jose Project | 1 Python-jose | 2025-09-02 | 5.3 Medium |
| python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. | ||||
| CVE-2025-31689 | 1 General Data Protection Regulation Project | 1 General Data Protection Regulation | 2025-09-02 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2. | ||||
| CVE-2025-31690 | 1 Cache Utility Project | 1 Cache Utility | 2025-09-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery. This issue affects Cache Utility: from 0.0.0 before 1.2.1. | ||||
| CVE-2025-31691 | 1 Oauth2 Server Project | 1 Oauth2 Server | 2025-09-02 | 9.8 Critical |
| Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing. This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. | ||||