TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 333,944 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-68382

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable ...

6.5 | MEDIUM | — | 0
CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) an...

6.5 | MEDIUM | — | 0
CVE-2025-68384

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of s...

6.5 | MEDIUM | — | 0
CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IP...

5.3 | MEDIUM | — | 0
CVE-2025-34859

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-34860

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-68279

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15....

7.7 | HIGH | — | 0
CVE-2025-68385

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers ca...

7.2 | HIGH | — | 0
CVE-2025-68386

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a document's sharing type to "global," even though they do not have ...

4.3 | MEDIUM | — | 0
CVE-2025-68387

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers ...

6.1 | MEDIUM | — | 0
CVE-2025-68389

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of ...

6.5 | MEDIUM | — | 0
CVE-2025-66500

A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allow...

6.3 | MEDIUM | — | 0
CVE-2025-68390

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and...

4.9 | MEDIUM | — | 0
CVE-2025-68422

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This al...

4.3 | MEDIUM | — | 0
CVE-2025-64675

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.

8.3 | HIGH | — | 0
CVE-2006-0489

Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the ven...

N/A | NONE | — | 0
CVE-2025-34861

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-34862

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-13941

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the upd...

8.8 | HIGH | — | 0
CVE-2025-52692

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.

8.8 | HIGH | — | 0
CVE-2025-34863

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-34864

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

N/A | NONE | — | 0
CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any ...

6.4 | MEDIUM | — | 0
CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in...

8.3 | HIGH | — | 0
CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that th...

5.0 | MEDIUM | — | 0
CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containin...

6.4 | MEDIUM | — | 0
CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Verc...

4.9 | MEDIUM | — | 0
CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into th...

6.3 | MEDIUM | — | 0
CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit t...

6.2 | MEDIUM | — | 0
CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could explo...

6.5 | MEDIUM | — | 0
CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafte...

7.8 | HIGH | — | 0
CVE-2025-66494

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while s...

7.8 | HIGH | — | 0
CVE-2025-66501

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First N...

6.3 | MEDIUM | — | 0
CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScrip...

7.8 | HIGH | — | 0
CVE-2025-66496

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or sp...

5.3 | MEDIUM | — | 0
CVE-2025-66497

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or sp...

5.3 | MEDIUM | — | 0
CVE-2025-66498

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or sp...

5.3 | MEDIUM | — | 0
CVE-2025-66499

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size m...

7.8 | HIGH | — | 0
CVE-2025-66519

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer ...

6.3 | MEDIUM | — | 0
CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated b...

6.3 | MEDIUM | — | 0
CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rende...

6.3 | MEDIUM | — | 0
CVE-2025-66522

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the ...

6.3 | MEDIUM | — | 0
CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. ...

8.8 | HIGH | — | 0
CVE-2006-0490

SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field.

N/A | NONE | — | 0
CVE-2025-1885

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Foo...

5.4 | MEDIUM | — | 0
CVE-2025-50681

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insuf...

7.5 | HIGH | — | 0
CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/...

5.3 | MEDIUM | — | 0
CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads...

7.5 | HIGH | — | 0
CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in p...

6.0 | MEDIUM | — | 0
CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServ...

6.5 | MEDIUM | — | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.