Export limit exceeded: 333408 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333408 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333408 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4063 | 1 Fabian | 1 Student Information Management System | 2025-05-12 | 5.3 Medium |
| A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument first_name/last_name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-6409 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2025-05-12 | 7.7 High |
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | ||||
| CVE-2024-0453 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account. | ||||
| CVE-2024-0452 | 1 Quantumcloud | 1 Ai Chatbot | 2025-05-12 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account. | ||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | ||||
| CVE-2023-49330 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-05-12 | 8.3 High |
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | ||||
| CVE-2024-4198 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 2.7 Low |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. | ||||
| CVE-2024-4195 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 2.7 Low |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. | ||||
| CVE-2024-4183 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table. | ||||
| CVE-2024-4182 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status. | ||||
| CVE-2024-32046 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | ||||
| CVE-2024-22091 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 3.1 Low |
| Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths | ||||
| CVE-2024-1888 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server | ||||
| CVE-2024-23488 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 3.1 Low |
| Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled. | ||||
| CVE-2024-1887 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. | ||||
| CVE-2024-25723 | 2 Zenml, Zenmlio | 2 Zenml, Zenml | 2025-05-12 | 8.8 High |
| ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2. | ||||
| CVE-2024-2083 | 1 Zenml | 1 Zenml | 2025-05-12 | 9.9 Critical |
| A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory. | ||||
| CVE-2024-27507 | 2 Fedoraproject, Liblas | 2 Fedora, Liblas | 2025-05-12 | 7.5 High |
| libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. | ||||
| CVE-2024-26455 | 2 Fluentd, Treasuredata | 2 Fluentbit, Fluent Bit | 2025-05-12 | 7.5 High |
| fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. | ||||
| CVE-2025-4132 | 2025-05-12 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||