Search Results (323568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4598 | 1 Wso2 | 2 Api Manager, Micro Integrator | 2025-10-06 | 6.5 Medium |
| An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows. | ||||
| CVE-2024-3511 | 1 Wso2 | 7 Api Manager, Carbon, Enterprise Integrator and 4 more | 2025-10-06 | 4.3 Medium |
| An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance. | ||||
| CVE-2025-26389 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2025-10-06 | 10 Critical |
| A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. | ||||
| CVE-2025-39751 | 1 Linux | 1 Linux Kernel | 2025-10-06 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-49193 | | | 2025-10-06 | 4.2 Medium |
| The application fails to implement several security headers. These headers help increase the overall security level of the web application by, e.g., preventing the application from being displayed in an iFrame (Clickjacking attacks) or preventing injected malicious JavaScript code from executing (XSS attacks). | ||||
| CVE-2025-49186 | | | 2025-10-06 | 5.3 Medium |
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-49184 | | | 2025-10-06 | 7.5 High |
| A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. | ||||
| CVE-2025-3193 | 1 Algolia | 1 Algoliasearch-helper | 2025-10-05 | 7.5 High |
| Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is caught, code injected into the user-supplied search parameter may be executed. This is related to but distinct from the issue reported in [CVE-2021-23433](https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421). **NOTE:** This vulnerability is not exploitable in the default configuration of InstantSearch since searchParameters are not modifiable by users. | ||||
| CVE-2025-57971 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2025-10-04 | 5.3 Medium |
| Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: from n/a through 3.8.1. | ||||
| CVE-2025-57970 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2025-10-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo allows Cross Site Request Forgery. This issue affects SALESmanago & Leadoo: from n/a through 3.8.1. | ||||
| CVE-2025-36604 | 1 Dell | 1 Unity Operating Environment | 2025-10-04 | 7.3 High |
| Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. | ||||
| CVE-2025-61895 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61894 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61893 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61892 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61891 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61890 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61889 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61888 | | | 2025-10-04 | N/A |
| Not used | ||||
| CVE-2025-61887 | | | 2025-10-04 | N/A |
| Not used | ||||