Search
Search Results (331772 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3511 | 1 Wso2 | 7 Api Manager, Carbon, Enterprise Integrator and 4 more | 2025-10-06 | 4.3 Medium |
| An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance. | ||||
| CVE-2025-26389 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2025-10-06 | 10 Critical |
| A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. | ||||
| CVE-2025-39751 | 1 Linux | 1 Linux Kernel | 2025-10-06 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-3193 | 1 Algolia | 1 Algoliasearch-helper | 2025-10-05 | 7.5 High |
| Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is caught, code injected into the user-supplied search parameter may be exeucted. This is related to but distinct from the issue reported in [CVE-2021-23433](https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421). **NOTE:** This vulnerability is not exploitable in the default configuration of InstantSearch since searchParameters are not modifiable by users. | ||||
| CVE-2025-57971 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2025-10-04 | 5.3 Medium |
| Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through 3.8.1. | ||||
| CVE-2025-57970 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2025-10-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo allows Cross Site Request Forgery.This issue affects SALESmanago & Leadoo: from n/a through 3.8.1. | ||||
| CVE-2025-36604 | 1 Dell | 1 Unity Operating Environment | 2025-10-04 | 7.3 High |
| Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. | ||||
| CVE-2025-61895 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61894 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61893 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61892 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61891 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61890 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61889 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61888 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61887 | 2025-10-04 | N/A | ||
| Not used | ||||
| CVE-2025-61585 | 2025-10-03 | N/A | ||
| Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. | ||||
| CVE-2025-7259 | 1 Mongodb | 1 Mongodb | 2025-10-03 | 6.5 Medium |
| An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0. | ||||
| CVE-2025-6714 | 1 Mongodb | 1 Mongodb | 2025-10-03 | 7.5 High |
| MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9 Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports. | ||||
| CVE-2025-6713 | 1 Mongodb | 1 Mongodb | 2025-10-03 | 7.7 High |
| An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB Server v8.0 versions prior to 8.0.7, MongoDB Server v7.0 versions prior to 7.0.19 and MongoDB Server v6.0 versions prior to 6.0.22 | ||||