Export limit exceeded: 330255 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330255 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7750 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53651 | 1 Jenkins | 1 Html Publisher | 2025-07-18 | 6.3 Medium |
| Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. | ||||
| CVE-2025-53650 | 1 Jenkins | 1 Credentials Binding | 2025-07-18 | 7.3 High |
| Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. | ||||
| CVE-2025-44526 | 1 Realtek | 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb | 2025-07-18 | 6.5 Medium |
| Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | ||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-07-18 | 4.3 Medium |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53654 | 1 Jenkins | 1 Statistics Gatherer | 2025-07-18 | 6.5 Medium |
| Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53655 | 1 Jenkins | 1 Statistics Gatherer | 2025-07-18 | 5.3 Medium |
| Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53660 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | 4.3 Medium |
| Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | 6.5 Medium |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53658 | 1 Jenkins | 1 Applitools Eyes | 2025-07-18 | 5.4 Medium |
| Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2025-53657 | 1 Jenkins | 1 Readyapi Functional Testing | 2025-07-18 | 4.3 Medium |
| Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53656 | 1 Jenkins | 1 Readyapi Functional Testing | 2025-07-18 | 6.5 Medium |
| Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53661 | 1 Jenkins | 1 Testsigma Test Plan Run | 2025-07-18 | 4.3 Medium |
| Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53662 | 1 Jenkins | 1 Ifttt Build Notifier | 2025-07-18 | 6.5 Medium |
| Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53663 | 1 Jenkins | 1 Ibm Cloud Devops | 2025-07-18 | 6.5 Medium |
| Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-51630 | 1 Totolink | 2 N350rt, N350rt Firmware | 2025-07-18 | 9.8 Critical |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. | ||||
| CVE-2025-7749 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7095 | 1 Comodo | 1 Internet Security | 2025-07-18 | 3.7 Low |
| A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20965 | 1 Samsung | 1 Bixby | 2025-07-18 | 6.2 Medium |
| Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data. | ||||
| CVE-2025-47229 | 1 Gnu | 1 Pspp | 2025-07-18 | 2.9 Low |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code. | ||||