Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12131 1 Silabs 2 Simplicity Sdk, Simplicity Software Development Kit 2026-02-12 6.5 Medium
A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
CVE-2025-15557 1 Tp-link 4 Tapo H100, Tapo H100 Firmware, Tapo P100 and 1 more 2026-02-12 8.8 High
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.
CVE-2025-58466 2 Qnap, Qnap Systems 4 Qts, Quts Hero, Qts and 1 more 2026-02-12 4.9 Medium
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
CVE-2025-52026 1 Aptsys 2 Gemscms, Gemscms Backend 2026-02-12 7.5 High
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
CVE-2025-59106 2 Dormakaba, Dormakabagroup 13 Access Manager, Dormakaba Access Manager 9200-k5, Dormakaba Access Manager 9200-k5 Firmware and 10 more 2026-02-12 8.8 High
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
CVE-2025-67274 1 Continuous.software 1 Aangine 2026-02-12 7.5 High
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints
CVE-2025-70982 2 Bladex, Chillzhuang 2 Springblade, Springblade 2026-02-12 9.9 Critical
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.
CVE-2025-67221 1 Ijl 1 Orjson 2026-02-12 7.5 High
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
CVE-2025-56590 1 Apryse 2 Html2pdf, Html2pdf Sdk 2026-02-12 9.8 Critical
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.
CVE-2025-68686 1 Fortinet 1 Fortios 2026-02-12 5.3 Medium
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
CVE-2025-54170 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57708 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57709 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 8.1 High
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57710 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57711 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-58467 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-58470 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-58471 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later
CVE-2025-58472 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-68406 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later