Search Results (342457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1566 | 1 Google | 1 Chrome Os | 2025-07-08 | 7.5 High |
| DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions. | ||||
| CVE-2025-1568 | 1 Google | 1 Chrome Os | 2025-07-08 | 8.8 High |
| Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config. | ||||
| CVE-2021-28967 | 1 Gimly | 1 Matlab | 2025-07-08 | 9.8 Critical |
| The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. | ||||
| CVE-2024-29215 | 1 Mattermost | 1 Mattermost Server | 2025-07-08 | 4.3 Medium |
| Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command. | ||||
| CVE-2018-1000875 | 1 Universityofcalifornia | 1 Boinc Server | 2025-07-08 | 9.8 Critical |
| Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in access to any user account. This attack appears to be exploitable via a specially crafted URL. This vulnerability appears to have been fixed in 1.0.3. | ||||
| CVE-2025-4981 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 9.9 Critical |
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default. | ||||
| CVE-2025-4573 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 4.1 Medium |
| Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute. | ||||
| CVE-2025-5957 | | | 2025-07-08 | 5.3 Medium |
| The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets. | ||||
| CVE-2025-29001 | | | 2025-07-08 | 4.3 Medium |
| Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7. | ||||
| CVE-2024-55965 | 1 Appsmith | 1 Appsmith | 2025-07-08 | 6.5 Medium |
| An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys. | ||||
| CVE-2013-2298 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | N/A |
| Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. | ||||
| CVE-2013-2019 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | N/A |
| Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | ||||
| CVE-2011-5280 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | N/A |
| Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp. | ||||
| CVE-2024-58128 | 1 Misp | 1 Misp | 2025-07-08 | 5.5 Medium |
| In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link. | ||||
| CVE-2013-2018 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2024-58129 | 1 Misp | 1 Misp | 2025-07-08 | 5.5 Medium |
| In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page. | ||||
| CVE-2013-7386 | 1 Universityofcalifornia | 1 Boinc Client | 2025-07-08 | N/A |
| Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. | ||||
| CVE-2025-20202 | 1 Cisco | 1 Ios Xe | 2025-07-08 | 7.4 High |
| A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor reports when they are processed by the wireless controller. An attacker could exploit this vulnerability by sending a crafted CDP packet to an AP. A successful exploit could allow the attacker to cause an unexpected reload of the wireless controller that is managing the AP, resulting in a DoS condition that affects the wireless network. | ||||
| CVE-2025-3611 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 3.1 Low |
| Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with 'No access' to Teams in the System Console. | ||||
| CVE-2025-27130 | 1 Welcart | 1 Welcart E-commerce | 2025-07-08 | 8.8 High |
| Welcart e-Commerce 2.11.6 and earlier versions contain an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. | ||||