Export limit exceeded: 343486 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343486 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343486 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55745 | 1 Unopim | 1 Unopim | 2025-08-23 | N/A |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported CSV files. When the CSV file is opened in spreadsheet applications such as Microsoft Excel, the malicious input may be interpreted as a formula or command, potentially resulting in the execution of arbitrary code on the victim's device. Successful exploitation can lead to remote code execution, including the establishment of a reverse shell. Users are advised to upgrade to version 0.3.1 or later. | ||||
| CVE-2025-55741 | 1 Unopim | 1 Unopim | 2025-08-23 | 8.1 High |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist. | ||||
| CVE-2024-56179 | 1 Microsoft | 1 Windows | 2025-08-23 | 7.8 High |
| In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files. | ||||
| CVE-2025-58043 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58042 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58041 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58040 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58039 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58038 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58037 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58036 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-58035 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-24469 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-24468 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-22864 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-22863 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-22861 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-22860 | 2025-08-23 | N/A | ||
| Not used | ||||
| CVE-2025-8193 | 2025-08-22 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2014-0758 | 1 Iconics | 1 Genesis32 | 2025-08-22 | N/A |
| An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | ||||