Total
316518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47692 | 2025-10-31 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179 . | |||||
| CVE-2025-36601 | 1 Dell | 1 Powerscale Onefs | 2025-10-31 | N/A | 4.0 MEDIUM |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2025-43724 | 1 Dell | 1 Powerscale Onefs | 2025-10-31 | N/A | 4.4 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares. | |||||
| CVE-2025-9402 | 1 Utcms Project | 1 Utcms | 2025-10-31 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9401 | 1 Utcms Project | 1 Utcms | 2025-10-31 | 2.6 LOW | 3.7 LOW |
| A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24893 | 1 Xwiki | 1 Xwiki | 2025-10-31 | N/A | 9.8 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed. | |||||
| CVE-2025-52452 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2025-10-31 | N/A | 8.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2025-4952 | 2025-10-31 | N/A | N/A | ||
| Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration. | |||||
| CVE-2025-48984 | 2025-10-31 | N/A | 8.8 HIGH | ||
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | |||||
| CVE-2025-36249 | 2025-10-31 | N/A | 3.7 LOW | ||
| IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||
| CVE-2025-33003 | 2025-10-31 | N/A | 7.8 HIGH | ||
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges. | |||||
| CVE-2024-13992 | 2025-10-31 | N/A | N/A | ||
| Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain. | |||||
| CVE-2025-52450 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2025-10-31 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2024-27443 | 1 Zimbra | 1 Collaboration | 2025-10-31 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code. | |||||
| CVE-2024-37383 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2025-10-31 | N/A | 6.1 MEDIUM |
| Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | |||||
| CVE-2019-7483 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2025-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | |||||
| CVE-2019-7481 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2025-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier. | |||||
| CVE-2025-64365 | 2025-10-31 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0. | |||||
| CVE-2025-64364 | 2025-10-31 | N/A | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126. | |||||
| CVE-2025-64363 | 2025-10-31 | N/A | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0. | |||||