Search
Search Results (322822 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11561 | 1 Redhat | 9 Ceph Storage, Enterprise Linux, Openshift and 6 more | 2025-12-11 | 8.8 High |
| A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts. | ||||
| CVE-2025-67694 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67693 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67692 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67691 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67690 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67689 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67688 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67687 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67686 | 2025-12-11 | N/A | ||
| Not used | ||||
| CVE-2025-67514 | 2025-12-11 | N/A | ||
| Vulnerability is dependency-based. | ||||
| CVE-2025-67512 | 2025-12-11 | N/A | ||
| The vulnerability is dependency-based. | ||||
| CVE-2025-66581 | 1 Frappe | 3 Frappe, Frappe Lms, Learning | 2025-12-11 | 6.5 Medium |
| Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints relied on client-side or UI-level checks instead of enforcing permissions on the server, users with low-privileged roles (such as students) could perform operations intended only for instructors or administrators via directly using the API's. This vulnerability is fixed in 2.41.0. | ||||
| CVE-2025-14225 | 2 D-link, Dlink | 3 Dcs-930l, Dcs-930l, Dcs-930l Firmware | 2025-12-11 | 6.3 Medium |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-14245 | 1 Ideacms | 1 Ideacms | 2025-12-11 | 7.3 High |
| A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-65797 | 1 Usememos | 1 Memos | 2025-12-11 | 6.5 Medium |
| Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS). | ||||
| CVE-2025-65804 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-12-11 | 6.5 Medium |
| Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). | ||||
| CVE-2025-12635 | 1 Ibm | 1 Websphere Application Server | 2025-12-11 | 5.4 Medium |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. | ||||
| CVE-2025-12832 | 1 Ibm | 1 Infosphere Information Server | 2025-12-10 | 4.6 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticatedĀ attacker to send unauthorized requests from the system, potentially leading to network enumeration orĀ facilitating other attacks. | ||||
| CVE-2025-65962 | 1 Enalean | 1 Tuleap | 2025-12-10 | 4.6 Medium |
| Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is fixed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9. | ||||