Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2422 | 1 Honeywell | 1 Lenels2 Netbox | 2026-02-02 | 8.8 High |
| LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands. | ||||
| CVE-2024-2421 | 1 Honeywell | 1 Lenels2 Netbox | 2026-02-02 | 9.8 Critical |
| LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions. | ||||
| CVE-2025-64718 | 2 Js-yaml, Nodeca | 2 Js-yaml, Js-yaml | 2026-02-02 | 5.3 Medium |
| js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default). | ||||
| CVE-2024-34764 | 2026-02-02 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE ID. | ||||
| CVE-2024-43275 | 2026-02-02 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE. | ||||
| CVE-2025-15447 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2025-15446 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2025-15427 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2021-47916 | 2026-02-01 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2021-47853 | 1 Phppgadmin | 1 Phppgadmin | 2026-02-01 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-42130 | 1 Linux | 1 Linux Kernel | 2026-01-31 | 5.6 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-41375 | 1 Limesurvey | 1 Limesurvey | 2026-01-30 | 9.8 Critical |
| SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint. | ||||
| CVE-2025-41376 | 1 Limesurvey | 1 Limesurvey | 2026-01-30 | 5.3 Medium |
| CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'. | ||||
| CVE-2024-6933 | 1 Limesurvey | 1 Limesurvey | 2026-01-30 | 6.3 Medium |
| A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component. | ||||
| CVE-2024-55930 | 1 Xerox | 1 Workplace Suite | 2026-01-30 | 6.7 Medium |
| Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files | ||||
| CVE-2024-55931 | 1 Xerox | 1 Workplace Suite | 2026-01-30 | 6.5 Medium |
| Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin. | ||||
| CVE-2024-55929 | 1 Xerox | 1 Workplace Suite | 2026-01-30 | 5.3 Medium |
| A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. | ||||
| CVE-2025-70985 | 2 Ruoyi, Y Project | 2 Ruoyi, Ruoyi | 2026-01-30 | 9.1 Critical |
| Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. | ||||
| CVE-2025-70986 | 1 Ruoyi | 1 Ruoyi | 2026-01-30 | 7.5 High |
| Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. | ||||
| CVE-2025-48753 | 1 Obsidiandynamics | 1 Anode | 2026-01-30 | 2.9 Low |
| In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. | ||||