Export limit exceeded: 364271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3405 | 1 M-files | 1 M-files Server | 2026-02-23 | 7.5 High |
| Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service | ||||
| CVE-2023-2480 | 1 M-files | 1 M-files | 2026-02-23 | 7.5 High |
| Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications | ||||
| CVE-2023-2325 | 1 M-files | 1 Classic Web | 2026-02-23 | 7.3 High |
| Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document. | ||||
| CVE-2023-2112 | 1 M-files | 1 M-files Server | 2026-02-23 | 3.6 Low |
| Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | ||||
| CVE-2023-0384 | 1 M-files | 1 M-files Server | 2026-02-23 | 6.5 Medium |
| User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. | ||||
| CVE-2023-0383 | 1 M-files | 1 M-files Server | 2026-02-23 | 7.5 High |
| User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. | ||||
| CVE-2023-0382 | 1 M-files | 1 M-files Server | 2026-02-23 | 6.5 Medium |
| User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. | ||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2026-02-23 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2022-4862 | 1 M-files | 1 M-files Server | 2026-02-23 | 5 Medium |
| Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | ||||
| CVE-2022-4861 | 1 M-files | 1 M-files Client | 2026-02-23 | 4.8 Medium |
| Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource. | ||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2026-02-23 | 4.4 Medium |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | ||||
| CVE-2022-4270 | 1 M-files | 1 M-files Server | 2026-02-23 | 2 Low |
| Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. | ||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2026-02-23 | 5.3 Medium |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | ||||
| CVE-2026-1624 | 2 D-link, Dlink | 3 Dwr-961, Dwr-m961, Dwr-m961 Firmware | 2026-02-23 | 6.3 Medium |
| A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-15538 | 1 Assimp | 1 Assimp | 2026-02-23 | 5.3 Medium |
| A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128. | ||||
| CVE-2025-15503 | 1 Sangfor | 1 Operation And Maintenance Security Management System | 2026-02-23 | 7.3 High |
| A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15502 | 1 Sangfor | 1 Operation And Maintenance Security Management System | 2026-02-23 | 7.3 High |
| A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15501 | 1 Sangfor | 1 Operation And Maintenance Security Management System | 2026-02-23 | 9.8 Critical |
| A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15500 | 1 Sangfor | 2 Operation And Maintenance Management System, Operation And Maintenance Security Management System | 2026-02-23 | 9.8 Critical |
| A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15499 | 1 Sangfor | 2 Operation And Maintenance Management System, Operation And Maintenance Security Management System | 2026-02-23 | 8.8 High |
| A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||