Search

Search Results (312538 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25015 1 Elastic 1 Kibana 2025-10-02 9.9 Critical
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors
CVE-2025-53808 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-02 6.7 Medium
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-43489 1 Hp 1 Poly Clariti Manager 2025-10-02 5.2 Medium
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.
CVE-2025-43020 1 Hp 1 Poly Clariti Manager 2025-10-02 6.8 Medium
A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.
CVE-2025-43021 1 Hp 1 Poly Clariti Manager 2025-10-02 5.7 Medium
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.
CVE-2025-43022 1 Hp 1 Poly Clariti Manager 2025-10-02 7.2 High
A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update.
CVE-2025-43483 1 Hp 1 Poly Clariti Manager 2025-10-02 5.7 Medium
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.
CVE-2025-43484 1 Hp 1 Poly Clariti Manager 2025-10-02 6.1 Medium
A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.
CVE-2025-43485 1 Hp 1 Poly Clariti Manager 2025-10-02 4.5 Medium
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update.
CVE-2025-43486 1 Hp 1 Poly Clariti Manager 2025-10-02 4.8 Medium
A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.
CVE-2025-43487 1 Hp 1 Poly Clariti Manager 2025-10-02 6.8 Medium
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.
CVE-2025-6504 2 Linux, Progress 2 Linux Kernel, Hybrid Data Pipeline 2025-10-02 8.4 High
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.  Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.
CVE-2025-6505 2 Linux, Progress 2 Linux Kernel, Hybrid Data Pipeline 2025-10-02 8.1 High
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.  When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.
CVE-2025-43488 1 Hp 1 Poly Clariti Manager 2025-10-02 4.8 Medium
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update.
CVE-2025-46206 1 Artifex 1 Mupdf 2025-10-02 6.5 Medium
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
CVE-2025-46658 1 4cstrategies 1 Exonaut 2025-10-02 9.8 Critical
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
CVE-2024-41913 1 Hp 1 Poly Clariti Manager 2025-10-02 8.8 High
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
CVE-2024-41911 1 Hp 1 Poly Clariti Manager 2025-10-02 5.4 Medium
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.
CVE-2024-41912 1 Hp 1 Poly Clariti Manager 2025-10-02 9.8 Critical
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
CVE-2024-41910 1 Hp 1 Poly Clariti Manager 2025-10-02 6.1 Medium
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.