Export limit exceeded: 10132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31947 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-06 | 5.8 Medium |
| Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost. | ||||
| CVE-2025-32942 | 1 Ssh | 1 Tectia Server | 2025-10-06 | 7.2 High |
| SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic. | ||||
| CVE-2025-49090 | 1 Matrix | 1 Specification | 2025-10-06 | 7.1 High |
| The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. | ||||
| CVE-2025-9286 | 3 Hancock11, Woocommerce, Wordpress | 3 Appy Pie Connect For Woocommerce, Woocommerce, Wordpress | 2025-10-06 | 9.8 Critical |
| The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access. | ||||
| CVE-2025-10728 | 1 Qt | 1 Qt | 2025-10-06 | 4.0 Medium |
| When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS | ||||
| CVE-2025-0606 | 1 Logo Software | 1 Logo Cloud | 2025-10-06 | 6 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure.This issue affects Logo Cloud: before 0.67. | ||||
| CVE-2025-0608 | 1 Logo Software | 1 Logo Cloud | 2025-10-06 | 5.5 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6. | ||||
| CVE-2024-0137 | 2 Linux, Nvidia | 4 Linux Kernel, Container Toolkit, Nvidia Container Toolkit and 1 more | 2025-10-06 | 5.5 Medium |
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to denial of service and escalation of privileges. | ||||
| CVE-2024-0136 | 2 Linux, Nvidia | 4 Linux Kernel, Container Toolkit, Nvidia Container Toolkit and 1 more | 2025-10-06 | 7.6 High |
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0135 | 2 Linux, Nvidia | 4 Linux Kernel, Container Toolkit, Nvidia Container Toolkit and 1 more | 2025-10-06 | 7.6 High |
| NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-1440 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2025-10-06 | 5.4 Medium |
| An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions. | ||||
| CVE-2025-36011 | 1 Ibm | 1 Jazz For Service Management | 2025-10-03 | 4.3 Medium |
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2025-11140 | 2 Bjskzy, Zhiyou-group | 2 Zhiyou Erp, Zhiyou Erp | 2025-10-03 | 7.3 High |
| A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55552 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. | ||||
| CVE-2025-46149 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 5.3 Medium |
| In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. | ||||
| CVE-2025-55551 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | ||||
| CVE-2025-10816 | 1 Jinher | 1 Jinher Oa | 2025-10-03 | 7.3 High |
| A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2023-49881 | 1 Ibm | 1 Transformation Extender Advanced | 2025-10-03 | 6.3 Medium |
| IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-54592 | 1 Freshrss | 1 Freshrss | 2025-10-03 | 9.8 Critical |
| FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This failure to invalidate the session can lead to session hijacking and fixation vulnerabilities. This issue is fixed in version 1.27.0 | ||||
| CVE-2024-38663 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-10-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat instance by memset(), otherwise the llist may be corrupted. Fix the issue by only resetting the counter part. | ||||