Search Results (968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-24348 2026-04-15 5.4 Medium
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
CVE-2025-24345 2026-04-15 6.3 Medium
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.
CVE-2025-24335 2026-04-15 2 Low
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.
CVE-2023-31331 2026-04-15 3 Low
Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.
CVE-2025-24347 2026-04-15 6.5 Medium
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
CVE-2024-56908 2026-04-15 6.8 Medium
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.
CVE-2025-20244 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense Software 2026-04-15 7.7 High
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.
CVE-2025-10207 1 Abb 1 Flxeon 2026-04-15 7.2 High
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.
CVE-2025-9316 1 N-able 1 N-central 2026-04-15 N/A
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
CVE-2024-6068 1 Rcokwellautomation 1 Arena Input Analyzer 2026-04-15 7.3 High
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
CVE-2024-6173 2026-04-15 6.5 Medium
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2025-15080 2 Mitsubishi, Mitsubishi Electric 2 Melsec Iq-r Series, Melsec Iq-r Series 2026-04-15 N/A
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.
CVE-2024-6768 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2026-04-15 N/A
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
CVE-2024-8125 2026-04-15 N/A
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.
CVE-2025-0325 2026-04-15 4.3 Medium
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
CVE-2025-0638 1 Nlnetlabs 1 Routinator 2026-04-15 7.5 High
The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.
CVE-2025-10259 1 Mitsubishi 1 Melsec Iq-f Series 2026-04-15 5.3 Medium
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.
CVE-2019-25358 1 Nikkhokkho 1 Fileoptimizer 2026-04-15 7.5 High
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.
CVE-2024-2105 1 Jbl 7 Boombox 2, Boombox 3, Flip 5 and 4 more 2026-04-15 6.5 Medium
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
CVE-2024-26507 1 Finalwire 4 Aida64 Business, Aida64 Engineer, Aida64 Network Audit and 1 more 2026-04-15 7.8 High
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components.