Search

Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9280 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot.
CVE-2025-9282 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVE-2025-9283 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVE-2025-9464 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive.
CVE-2025-9465 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVE-2025-9466 1 Rockwellautomation 2 Armorstart Lt, Armorstart Lt Firmware 2026-02-02 7.5 High
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.
CVE-2021-47802 1 Tenda 4 D151, D151 Firmware, D301 and 1 more 2026-02-02 7.5 High
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
CVE-2021-47849 1 Yodinfo 1 Mini Mouse 2026-02-02 6.2 Medium
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
CVE-2021-47850 1 Yodinfo 1 Mini Mouse 2026-02-02 7.5 High
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
CVE-2021-47851 1 Yodinfo 1 Mini Mouse 2026-02-02 9.8 Critical
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
CVE-2025-66959 1 Ollama 1 Ollama 2026-02-02 7.5 High
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
CVE-2025-66960 1 Ollama 1 Ollama 2026-02-02 7.5 High
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
CVE-2025-12781 1 Python 2 Cpython, Python 2026-02-02 5.3 Medium
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.
CVE-2026-0921 2026-02-02 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-67825 2 Gonitro, Microsoft 2 Nitro Pdf Pro, Windows 2026-02-02 5.5 Medium
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity.
CVE-2025-68716 1 Kaysus 2 Ks-wr3600, Ks-wr3600 Firmware 2026-02-02 8.4 High
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to trivially gain root shell access and execute arbitrary commands with full privileges.
CVE-2025-68717 1 Kaysus 2 Ks-wr3600, Ks-wr3600 Firmware 2026-02-02 9.4 Critical
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.
CVE-2025-57130 1 Zwiicms 1 Zwiicms 2026-02-02 8.3 High
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.
CVE-2025-68718 1 Kaysus 2 Ks-wr1200, Ks-wr1200 Firmware 2026-02-02 5.4 Medium
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI password does not affect SSH/TELNET authentication.) Any LAN-adjacent attacker can trivially log in with root privileges.
CVE-2025-68719 1 Kaysus 2 Ks-wr3600, Ks-wr3600 Firmware 2026-02-02 8.8 High
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.