Search

Search Results (364625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-54334 1 Explorerplusplus 2 Explorer++, Explorer\+\+ 2026-01-30 9.8 Critical
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially execute malicious code.
CVE-2022-50932 1 Kyocera 1 Command Center Rx 2026-01-30 7.5 High
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
CVE-2025-52981 2 Juniper, Juniper Networks 14 Junos, Srx1600, Srx2300 and 11 more 2026-01-30 7.5 High
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If a sequence of specific PIM packets is received, this will cause a flowd crash and restart. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This is a similar, but different vulnerability than the issue reported as CVE-2024-47503, published in JSA88133.
CVE-2025-65098 1 Typebot 1 Typebot 2026-01-30 7.4 High
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.
CVE-2025-64709 1 Typebot 1 Typebot 2026-01-30 9.6 Critical
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 protection through custom header injection, attackers can extract temporary AWS IAM credentials for the EKS node role, leading to complete compromise of the Kubernetes cluster and associated AWS infrastructure. Version 3.13.1 fixes the issue.
CVE-2025-64706 1 Typebot 1 Typebot 2026-01-30 5 Medium
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.
CVE-2024-30264 1 Typebot 1 Typebot 2026-01-30 8.1 High
Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue.
CVE-2025-13925 1 Ibm 1 Aspera Console 2026-01-30 4.9 Medium
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
CVE-2026-25097 2026-01-30 N/A
Not used
CVE-2026-25096 2026-01-30 N/A
Not used
CVE-2026-25095 2026-01-30 N/A
Not used
CVE-2026-25094 2026-01-30 N/A
Not used
CVE-2026-25093 2026-01-30 N/A
Not used
CVE-2026-25092 2026-01-30 N/A
Not used
CVE-2026-25091 2026-01-30 N/A
Not used
CVE-2026-25090 2026-01-30 N/A
Not used
CVE-2025-54942 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
CVE-2023-4822 2 Grafana, Redhat 3 Grafana, Grafana Enterprise, Ceph Storage 2026-01-30 6.7 Medium
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVE-2025-54946 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
CVE-2025-54945 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.