Total
320052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52099 | 2025-12-03 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | |||||
| CVE-2025-50361 | 2025-12-03 | N/A | 5.1 MEDIUM | ||
| Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash. | |||||
| CVE-2025-50360 | 2025-12-03 | N/A | 8.4 HIGH | ||
| A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service. | |||||
| CVE-2025-13992 | 2025-12-03 | N/A | 4.7 MEDIUM | ||
| Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-13086 | 2025-12-03 | N/A | N/A | ||
| Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client | |||||
| CVE-2025-12385 | 2025-12-03 | N/A | N/A | ||
| Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0. | |||||
| CVE-2025-12084 | 2025-12-03 | N/A | N/A | ||
| When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. | |||||
| CVE-2018-16452 | 1 Tcpdump | 1 Tcpdump | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | |||||
| CVE-2018-16451 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |||||
| CVE-2018-16300 | 1 Tcpdump | 1 Tcpdump | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | |||||
| CVE-2018-16230 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |||||
| CVE-2018-16228 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). | |||||
| CVE-2025-65186 | 1 Getgrav | 1 Grav | 2025-12-03 | N/A | 6.1 MEDIUM |
| Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface. | |||||
| CVE-2025-64070 | 1 Remyandrade | 1 Student Grades Management System | 2025-12-03 | N/A | 5.4 MEDIUM |
| Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field. | |||||
| CVE-2025-10931 | 1 Umami | 1 Umami Analytics | 2025-12-03 | N/A | 3.8 LOW |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1. | |||||
| CVE-2025-12082 | 1 Salsa.digital | 1 Civictheme Design System | 2025-12-03 | N/A | 7.5 HIGH |
| Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0. | |||||
| CVE-2025-41066 | 1 Horde | 1 Groupware | 2025-12-03 | N/A | 5.3 MEDIUM |
| Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user. | |||||
| CVE-2025-12083 | 1 Salsa.digital | 1 Civictheme Design System | 2025-12-03 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0. | |||||
| CVE-2025-41015 | 1 Tcman | 1 Gim | 2025-12-03 | N/A | 7.5 HIGH |
| User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'. | |||||
| CVE-2025-41014 | 1 Tcman | 1 Gim | 2025-12-03 | N/A | 7.5 HIGH |
| User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'. | |||||