Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50933 1 Malavida 2 Cain \& Abel, Cain And Abel 2026-02-02 7.8 High
Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2022-50928 2 Ivt Corp, Ivtcorporation 2 Bluesoleilcs, Bluesoleilcs 2026-02-02 7.8 High
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges.
CVE-2022-50921 2 Ilwebmaster21, Wow21 2 Wow21, Wow21 2026-02-02 7.8 High
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
CVE-2018-25146 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-02-02 8.1 High
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
CVE-2018-25144 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-02-02 8.4 High
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
CVE-2025-33225 2 Linux, Nvidia 4 Linux, Linux Kernel, Nvidia Resiliency Extension and 1 more 2026-02-02 8.4 High
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33235 2 Linux, Nvidia 4 Linux, Linux Kernel, Nvidia Resiliency Extension and 1 more 2026-02-02 7.8 High
NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.
CVE-2025-7208 1 9fans 1 Plan9port 2026-02-02 5.5 Medium
A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue.
CVE-2025-8485 1 Lenovo 1 App Store 2026-02-02 7.3 High
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
CVE-2025-7209 1 9fans 1 Plan9port 2026-02-02 3.3 Low
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.
CVE-2025-2503 1 Lenovo 1 Pcmanager 2026-02-02 7.1 High
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
CVE-2025-67717 1 Zitadel 1 Zitadel 2026-02-02 4.3 Medium
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.
CVE-2018-17207 1 Awesomemotive 1 Duplicator 2026-02-02 9.8 Critical
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2018-25095 1 Awesomemotive 1 Duplicator 2026-02-02 9.8 Critical
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
CVE-2018-7543 1 Awesomemotive 1 Duplicator 2026-02-02 6.1 Medium
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
CVE-2020-11738 1 Awesomemotive 1 Duplicator 2026-02-02 7.5 High
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CVE-2022-2551 1 Awesomemotive 1 Duplicator 2026-02-02 7.5 High
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
CVE-2022-2552 1 Awesomemotive 1 Duplicator 2026-02-02 5.3 Medium
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
CVE-2025-67713 1 Miniflux Project 1 Miniflux 2026-02-02 6.1 Medium
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
CVE-2025-59935 1 Glpi-project 1 Glpi 2026-02-02 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.