Export limit exceeded: 324793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (324793 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15033 | 1 Automattic | 1 Woocommerce | 2025-12-23 | 6.5 Medium |
| A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting from 8.1, where it has been fixed in 8.1.3. It does not affect WooCommerce 8.0 or earlier. | ||||
| CVE-2025-68480 | 1 Marshmallow Project | 1 Marshmallow | 2025-12-23 | 5.3 Medium |
| Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2. | ||||
| CVE-2025-58712 | 1 Redhat | 2 Amq Broker, Rhosemc | 2025-12-23 | 5.2 Medium |
| A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-7738 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-12-23 | 4.4 Medium |
| A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse. | ||||
| CVE-2025-47325 | 1 Qualcomm | 89 Csr8811, Csr8811 Firmware, Ipq8070 and 86 more | 2025-12-23 | 6.5 Medium |
| Information disclosure while processing system calls with invalid parameters. | ||||
| CVE-2025-47350 | 1 Qualcomm | 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more | 2025-12-23 | 7.8 High |
| Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | ||||
| CVE-2025-59479 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | 6.1 Medium |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product. | ||||
| CVE-2025-66357 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | N/A |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally. | ||||
| CVE-2025-61976 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | N/A |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive. | ||||
| CVE-2025-66173 | 1 Hikvision | 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more | 2025-12-23 | 6.2 Medium |
| There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment. | ||||
| CVE-2025-66174 | 1 Hikvision | 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more | 2025-12-23 | 6.5 Medium |
| There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands. | ||||
| CVE-2025-14701 | 2 Arcadia Technology, Craftycontrol | 2 Crafty Controller, Crafty Controller | 2025-12-23 | 7.1 High |
| An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification. | ||||
| CVE-2025-14700 | 2 Arcadia Technology, Craftycontrol | 2 Crafty Controller, Crafty Controller | 2025-12-23 | 9.9 Critical |
| An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection. | ||||
| CVE-2025-14157 | 1 Gitlab | 1 Gitlab | 2025-12-23 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters. | ||||
| CVE-2025-4097 | 1 Gitlab | 1 Gitlab | 2025-12-23 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images. | ||||
| CVE-2025-12562 | 1 Gitlab | 1 Gitlab | 2025-12-23 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits. | ||||
| CVE-2025-12044 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-12-23 | 7.5 High |
| Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0. | ||||
| CVE-2025-38410 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in submit error path In error paths, we could unref the submit without calling drm_sched_entity_push_job(), so msm_job_free() will never get called. Since drm_sched_job_cleanup() will NULL out the s_fence, we can use that to detect this case. Patchwork: https://patchwork.freedesktop.org/patch/653584/ | ||||
| CVE-2025-38409 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.freedesktop.org/patch/653583/ | ||||
| CVE-2025-38403 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-23 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure. | ||||