Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64691 1 Aveva 1 Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
CVE-2025-64729 1 Aveva 1 Process Optimization 2026-01-22 8.1 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.
CVE-2025-65117 1 Aveva 1 Process Optimization 2026-01-22 7.4 High
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
CVE-2025-65118 1 Aveva 2 Application Server, Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
CVE-2025-64769 1 Aveva 1 Process Optimization 2026-01-22 7.1 High
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.
CVE-2021-41739 1 Articatech 1 Artica Proxy 2026-01-22 9.8 Critical
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.
CVE-2025-68151 1 Coredns.io 1 Coredns 2026-01-22 7.5 High
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch.
CVE-2025-31963 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2026-01-22 2.9 Low
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVE-2024-53252 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-53251 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-53250 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-53249 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-53248 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45743 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45742 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45730 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45729 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45728 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45727 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-45726 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.