Search
Search Results (364911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22908 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 9.1 Critical |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | ||||
| CVE-2025-37179 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 5.3 Medium |
| Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process. | ||||
| CVE-2025-23206 | 1 Amazon | 1 Aws Cloud Development Kit | 2026-01-23 | 8.1 High |
| The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-37168 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 8.2 High |
| Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices. | ||||
| CVE-2025-70968 | 1 Freeimage Project | 1 Freeimage | 2026-01-23 | 9.8 Critical |
| FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). | ||||
| CVE-2025-63644 | 2 Ph7builder, Ph7software | 2 Ph7 Social Dating Builder, Ph7-social-dating-cms | 2026-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field. | ||||
| CVE-2025-14556 | 2 Drupal, Flag Module Project | 2 Flag, Flag | 2026-01-23 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9. | ||||
| CVE-2025-14557 | 2 Drupal, Facebook Pixel Project | 2 Facebook Pixel, Facebook Pixel | 2026-01-23 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1. | ||||
| CVE-2021-24713 | 1 Cminds | 2 Video Lessons Manager, Video Lessons Manager Pro | 2026-01-23 | 4.8 Medium |
| The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks | ||||
| CVE-2023-28749 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||
| CVE-2026-24342 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24341 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24340 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24339 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24338 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24337 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24336 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24335 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2026-24334 | 2026-01-23 | N/A | ||
| Not used | ||||
| CVE-2022-41342 | 1 Intel | 1 C\+\+ Compiler | 2026-01-23 | 6 Medium |
| Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||