🔍 Search

Found 500 results for "cve"

Showing 341 - 360 of 500 results (limited to 500 results)

🔒 CVE CRITICAL CVSS: 9.9 November 27, 2025

CVE-2025-12421

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 27, 2025

CVE-2025-12419

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 24, 2025

CVE-2025-54347

A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions.

EPSS: 0.4%
🔒 CVE CRITICAL CVSS: 9.9 November 11, 2025

CVE-2025-13032

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.

EPSS: 0.0%
🔒 CVE CRITICAL CVSS: 9.9 November 11, 2025

CVE-2025-42887

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 06, 2025

CVE-2025-62065

Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 06, 2025

CVE-2025-62047

Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through < 1.3.0.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 06, 2025

CVE-2025-62016

Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 05, 2025

CVE-2025-55343

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Administracion/listas/formArea_ajax.php codDepe, Administracion/listas/formDepeHijo_ajax.php codDepe, Administracion/listas/formDepePadre_ajax.php codInst, asociar_documentos/asociar_borrar_referencia.php radi_nume, asociar_documentos/asociar_documento_buscar_query.php radi_nume, asociar_documentos/asociar_documento_grabar.php txt_radi_nume, asociar_documentos/asociar_documento radi_nume, radicacion/buscar_usuario.php buscar_tipo, radicacion/formArea_ajax.php codDepe, radicacion/formDepeHijo_ajax.php codDepe, radicacion/formDepePadre_ajax.php codInst, radicacion/ver_datos_usuario.php destinatorio, reportes/reporte_TraspasoDocFisico.php verrad, tx/datos_imprimir_sobre.php txt_usua_codi, tx/datos_imprimir_sobre.php nume_radi_temp, tx/revertir_firma_digital_grabar.php txt_radi_nume, tx/tx_borrar_opcion_imp.php codigo_opc, tx/tx_realizar_tx.php txt_radicados, tx/tx_seguridad_documentos.php txt_radicados, or uploadFiles/cargar_doc_digitalizado_paginador.php txt_depe_codi.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 November 05, 2025

CVE-2025-63601

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.

EPSS: 0.6%
🔒 CVE CRITICAL CVSS: 9.9 November 03, 2025

CVE-2025-0987

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 October 31, 2025

CVE-2025-48983

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

EPSS: 0.2%
🔒 CVE CRITICAL CVSS: 9.9 October 30, 2025

CVE-2025-54469

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose shell commands via popen without validation or sanitization. This behavior could allow a malicious user to inject malicious commands through these variables within the enforcer container.

EPSS: 0.0%
🔒 CVE CRITICAL CVSS: 9.9 October 23, 2025

CVE-2025-58428

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.

EPSS: 0.5%
🔒 CVE CRITICAL CVSS: 9.9 October 23, 2025

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.

EPSS: 0.0%
🔒 CVE CRITICAL CVSS: 9.9 October 17, 2025

CVE-2025-62645

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.

EPSS: 0.2%
🔒 CVE CRITICAL CVSS: 9.9 October 14, 2025

CVE-2025-34267

Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate cve-2025-26319 by the developers and should be considered distinct from that identifier.

EPSS: 0.8%
🔒 CVE CRITICAL CVSS: 9.9 October 14, 2025

CVE-2025-55315

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

EPSS: 0.2%
🔒 CVE CRITICAL CVSS: 9.9 October 14, 2025

CVE-2025-49708

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

EPSS: 0.1%
🔒 CVE CRITICAL CVSS: 9.9 October 10, 2025

CVE-2025-60306

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.

EPSS: 0.1%