Export limit exceeded: 17354 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52877 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.8 Medium |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | ||||
| CVE-2025-52879 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.8 Medium |
| In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | ||||
| CVE-2025-52558 | 1 Dgtlmoon | 1 Changedetection.io | 2025-06-27 | N/A |
| changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This issue has been patched in version 0.50.4 | ||||
| CVE-2023-47298 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 4.3 Medium |
| An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | ||||
| CVE-2025-4563 | 1 Kubernetes | 1 Kubernetes | 2025-06-27 | 2.7 Low |
| A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. | ||||
| CVE-2023-47297 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. | ||||
| CVE-2023-47031 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. | ||||
| CVE-2025-52967 | 1 Lfprojects | 1 Mlflow | 2025-06-27 | 5.8 Medium |
| gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | ||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | ||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | ||||
| CVE-2025-52968 | 1 Freedesktop | 1 Xdg-utils | 2025-06-27 | 2.7 Low |
| xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin. | ||||
| CVE-2023-47295 | 1 Ncr | 1 Terminal Handler | 2025-06-27 | 9.8 Critical |
| A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. | ||||
| CVE-2025-50349 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-06-27 | 7.5 High |
| PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. | ||||
| CVE-2025-2171 | 1 Aviatrix | 1 Controller | 2025-06-27 | N/A |
| Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN | ||||
| CVE-2025-53166 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53165 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53164 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53163 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53162 | 2025-06-27 | N/A | ||
| Not used | ||||
| CVE-2025-53161 | 2025-06-27 | N/A | ||
| Not used | ||||