Export limit exceeded: 11157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31133 | 2 Linuxfoundation, Opencontainers | 2 Runc, Runc | 2025-12-03 | 7.8 High |
| runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3. | ||||
| CVE-2025-66225 | 1 Orangehrm | 1 Orangehrm | 2025-12-03 | 8.8 High |
| OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8. | ||||
| CVE-2025-66289 | 1 Orangehrm | 1 Orangehrm | 2025-12-03 | 8.8 High |
| OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8. | ||||
| CVE-2025-66221 | 2 Microsoft, Palletsprojects | 2 Windows, Werkzeug | 2025-12-03 | 5.3 Medium |
| Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4. | ||||
| CVE-2025-53896 | 2 Accellion, Kiteworks | 2 Kiteworks Managed File Transfer, Mft | 2025-12-03 | 7.1 High |
| Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0. | ||||
| CVE-2025-52670 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | 6.5 Medium |
| Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts | ||||
| CVE-2025-33192 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33199 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 3.2 Low |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. | ||||
| CVE-2025-59789 | 1 Apache | 1 Brpc | 2025-12-02 | 7.5 High |
| Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser uses a recursive parsing method by default. If the input json has a large depth of recursive structure, the parser function may run into stack overflow. Affected Scenarios: Use bRPC server with protobuf message to serve http+json requests from untrusted network. Or directly use JsonToProtoMessage to convert json from untrusted input. How to Fix: (Choose one of the following options) 1. Upgrade bRPC to version 1.15.0, which fixes this issue. 2. Apply this patch: https://github.com/apache/brpc/pull/3099 Note: No matter which option you choose, you should know that the fix introduces a recursion depth limit with default value 100. It affects these functions: ProtoMessageToJson, ProtoMessageToProtoJson, JsonToProtoMessage, and ProtoJsonToProtoMessage. If your requests contain json or protobuf messages that have a depth exceeding the limit, the request will be failed after applying the fix. You can modify the gflag json2pb_max_recursion_depth to change the limit. | ||||
| CVE-2025-12766 | 1 Blackberry | 1 Athoc | 2025-12-01 | 5 Medium |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). | ||||
| CVE-2025-60632 | 1 Free5gc | 1 Free5gc | 2025-12-01 | 6.5 Medium |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API. | ||||
| CVE-2025-13768 | 1 Uniong | 1 Webitr | 2025-12-01 | 7.5 High |
| WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability. | ||||
| CVE-2025-64067 | 1 Primakon | 2 Pi Portal, Project Contract Management | 2025-12-01 | 5.3 Medium |
| Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This vulnerability can be exploited in two ways: Direct ID manipulation and IDOR, by changing an ID parameter (e.g., user_id, project_id) in the request, an attacker can access the object and data belonging to another user; and filter Omission, by omitting the filtering parameter entirely, an attacker can cause the endpoint to return an entire unfiltered dataset of all stored records for all users. This flaw leads to the unauthorized exposure of sensitive personal and organizational information. | ||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-01 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. | ||||
| CVE-2025-46553 | 1 Misskey | 1 Summaly | 2025-12-01 | 6.1 Medium |
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | ||||
| CVE-2024-23683 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | 8.2 High |
| Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||||
| CVE-2024-23682 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | 8.2 High |
| Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||||
| CVE-2023-5844 | 1 Pimcore | 1 Admin Classic Bundle | 2025-11-28 | 7.2 High |
| Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | ||||
| CVE-2023-30802 | 1 Sangfor | 1 Next-gen Application Firewall | 2025-11-28 | 5.3 Medium |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | ||||
| CVE-2025-27066 | 1 Qualcomm | 745 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 742 more | 2025-11-28 | 7.5 High |
| Transient DOS while processing an ANQP message. | ||||