CVEProject
Products
2- 5 CVEs
- 3 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25962 |  | Cri | 0.64 | 9.8 | 0.00 |  | Apr 29, 2025 | An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function |
| CVE-2022-31004 |  | Hig | 0.49 | 7.5 | 0.01 |  | Jun 2, 2022 | CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If… |
| CVE-2025-68917 |  | Med | 0.42 | 6.4 | 0.00 |  | Dec 24, 2025 | ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer. |
| CVE-2025-68936 |  |  | 0.00 | — | 0.00 |  | Dec 25, 2025 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. |
| CVE-2025-68935 |  |  | 0.00 | — | 0.00 |  | Dec 25, 2025 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. |
| CVE-2025-5526 |  |  | 0.00 | — | 0.00 |  | Jun 27, 2025 | The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user |
| CVE-2022-24875 |  | Med | 0.00 | 5.3 | 0.01 |  | Apr 21, 2022 | The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent… |
| CVE-2021-46561 |  | Hig | 0.00 | 7.2 | 0.01 |  | Jan 26, 2022 | controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context… |