Showing 1–50 of 319952 results.

| CVE ID | Title | Severity | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14010 | Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output | MEDIUM | 5.5 | None | 2025-12-04 09:51:55 |
| CVE-2025-12826 | Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification | MEDIUM | 4.8 | None | 2025-12-04 06:48:40 |
| CVE-2025-12782 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering | MEDIUM | 4.3 | None | 2025-12-04 06:48:39 |
| CVE-2025-13513 | Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | MEDIUM | 6.1 | None | 2025-12-04 05:24:13 |
| CVE-2025-11727 | Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting | HIGH | 7.2 | None | 2025-12-04 04:29:01 |
| CVE-2025-11379 | WebP Express <= 0.25.9 - Unauthenticated Information Exposure | MEDIUM | 5.3 | None | 2025-12-04 04:29:00 |
| CVE-2025-62173 | Authenticated SQL Injection in Endpoint Module Rest API | NONE | | None | 2025-12-03 23:14:56 |
| CVE-2025-66404 | mcp-server-kubernetes potential security issue in exec_in_pod tool | MEDIUM | 6.4 | None | 2025-12-03 20:40:11 |
| CVE-2025-66293 | LIBPNG has an out-of-bounds read in png_image_read_composite | HIGH | 7.1 | None | 2025-12-03 20:33:57 |
| CVE-2025-13086 | | NONE | | None | 2025-12-03 19:54:10 |
| CVE-2025-66489 | Cal.com Authentication Bypass via bad TOTP + password checks | NONE | | None | 2025-12-03 19:44:35 |
| CVE-2025-65097 | Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections | NONE | | None | 2025-12-03 19:41:33 |
| CVE-2025-65096 | RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections | NONE | | None | 2025-12-03 19:39:53 |
| CVE-2025-12385 | Improper validation of `<img>` tag size in Text component parser | NONE | | None | 2025-12-03 19:38:53 |
| CVE-2025-61727 | Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 | NONE | | None | 2025-12-03 19:37:15 |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover | HIGH | 7.6 | None | 2025-12-03 19:36:02 |
| CVE-2025-66453 | Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function | NONE | | None | 2025-12-03 19:31:54 |
| CVE-2025-66411 | Coder logged sensitive objects unsanitized | HIGH | 7.8 | None | 2025-12-03 19:25:24 |
| CVE-2025-66406 | Improper Authorization Check for SSH Certificate Revocation | MEDIUM | 5.0 | None | 2025-12-03 19:13:48 |
| CVE-2025-13992 | | NONE | | None | 2025-12-03 19:09:05 |
| CVE-2025-12819 | Untrusted search path in auth_query connection in PgBouncer | HIGH | 7.5 | None | 2025-12-03 19:00:09 |
| CVE-2025-12084 | Quadratic complexity in node ID cache clearing | NONE | | None | 2025-12-03 18:55:32 |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | HIGH | 7.5 | None | 2025-12-03 18:40:25 |
| CVE-2025-66222 | DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE) | CRITICAL | 9.7 | None | 2025-12-03 18:34:44 |
| CVE-2025-66220 | Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | MEDIUM | 5.0 | None | 2025-12-03 18:31:50 |
| CVE-2025-66208 | Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy | NONE | | None | 2025-12-03 18:25:59 |
| CVE-2025-33208 | | HIGH | 8.8 | None | 2025-12-03 18:19:04 |
| CVE-2025-66032 | Claude Code Command Validation Bypass Allows Arbitrary Code Execution | NONE | | None | 2025-12-03 18:16:54 |
| CVE-2025-33211 | | HIGH | 7.5 | None | 2025-12-03 18:16:14 |
| CVE-2025-33201 | | HIGH | 7.5 | None | 2025-12-03 18:15:59 |
| CVE-2025-64763 | Envoy forwards early CONNECT data in TCP proxy mode | LOW | 3.7 | None | 2025-12-03 18:13:58 |
| CVE-2025-64527 | Envoy crashes when JWT authentication is configured with the remote JWKS fetching | MEDIUM | 6.5 | None | 2025-12-03 18:04:35 |
| CVE-2025-64443 | DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode | NONE | | None | 2025-12-03 17:41:59 |
| CVE-2025-54065 | GZDoom engine allows arbitrary code execution via ZScript actor states | HIGH | 7.8 | None | 2025-12-03 17:02:56 |
| CVE-2025-20388 | Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise | LOW | 2.7 | None | 2025-12-03 17:00:59 |
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App | MEDIUM | 4.3 | None | 2025-12-03 17:00:55 |
| CVE-2025-20387 | Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade | HIGH | 8.0 | None | 2025-12-03 17:00:51 |
| CVE-2025-20383 | Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app | MEDIUM | 4.3 | None | 2025-12-03 17:00:36 |
| CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise | MEDIUM | 5.3 | None | 2025-12-03 17:00:34 |
| CVE-2025-20386 | Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade | HIGH | 8.0 | None | 2025-12-03 17:00:31 |
| CVE-2025-20385 | Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise | LOW | 2.4 | None | 2025-12-03 17:00:29 |
| CVE-2025-20381 | SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool | MEDIUM | 5.4 | None | 2025-12-03 17:00:25 |
| CVE-2025-20382 | URL validation bypass through Views Dashboard in Splunk Enterprise | LOW | 3.5 | None | 2025-12-03 17:00:21 |
| CVE-2025-34319 | TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE | NONE | | None | 2025-12-03 16:49:11 |
| CVE-2024-32643 | Masa CMS vulnerable to authentication bypass with /tag/ | HIGH | 7.5 | None | 2025-12-03 16:43:31 |
| CVE-2024-32642 | Host header poisoning allows account takeover via password reset email | HIGH | 8.8 | None | 2025-12-03 16:37:53 |
| CVE-2025-13492 | HP Image Assistant - Potential Escalation of Privilege | NONE | | None | 2025-12-03 16:33:39 |
| CVE-2024-32641 | Masa CMS Vulnerable to Pre-Auth RCE via JSON API | CRITICAL | 9.8 | None | 2025-12-03 16:26:00 |
| CVE-2025-13751 | | NONE | | None | 2025-12-03 16:22:35 |
| CVE-2025-7044 | Privilege Escalation in MAAS via Websocket Request Manipulation | HIGH | 7.7 | None | 2025-12-03 15:45:47 |