Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54892 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-22 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | ||||
| CVE-2025-6791 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-22 | 8.8 High |
| In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0. | ||||
| CVE-2025-4650 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-22 | 7.2 High |
| User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | ||||
| CVE-2025-4649 | 1 Centreon | 1 Centreon Web | 2025-10-22 | 4.9 Medium |
| Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. | ||||
| CVE-2025-5745 | 1 Gnu | 1 Glibc | 2025-10-22 | 5.6 Medium |
| The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | ||||
| CVE-2025-8429 | 1 Centreon | 2 Centreon, Centreon Web | 2025-10-22 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | ||||
| CVE-2025-40657 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 9.8 Critical |
| A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp. | ||||
| CVE-2025-40658 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp. | ||||
| CVE-2025-40659 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp. | ||||
| CVE-2025-40660 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0. | ||||
| CVE-2024-27889 | 1 Arista | 1 Ng Firewall | 2025-10-22 | 8.8 High |
| Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | ||||
| CVE-2025-33044 | 1 Ami | 1 Aptio V | 2025-10-22 | 7.8 High |
| APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability. | ||||
| CVE-2025-22833 | 1 Ami | 1 Aptio V | 2025-10-22 | 7.3 High |
| APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution. | ||||
| CVE-2025-40661 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp. | ||||
| CVE-2025-22832 | 1 Ami | 1 Aptio V | 2025-10-22 | 7.8 High |
| APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | ||||
| CVE-2025-22831 | 1 Ami | 1 Aptio V | 2025-10-22 | 7.8 High |
| APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. | ||||
| CVE-2025-40662 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | 7.5 High |
| Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file. | ||||
| CVE-2025-53459 | 2 Wordpress, Wpquads | 2 Wordpress, Ads | 2025-10-22 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-3930 | 1 Strapi | 1 Strapi | 2025-10-22 | N/A |
| Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). The existence of /admin/renew-token endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. This issue has been fixed in version 5.24.1. | ||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-10-22 | 8.8 High |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||