Search

Search Results (364952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-50376 1 Advantech 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more 2026-01-23 7.3 High
A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.
CVE-2021-47773 1 Dynojet 1 Power Core 2026-01-23 7.8 High
Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.
CVE-2024-50377 1 Advantech 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more 2026-01-23 6.5 Medium
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
CVE-2025-70298 1 Gpac 1 Gpac 2026-01-23 8.2 High
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
CVE-2025-70304 1 Gpac 1 Gpac 2026-01-23 7.5 High
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2025-70305 1 Gpac 1 Gpac 2026-01-23 5.5 Medium
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
CVE-2025-70308 1 Gpac 1 Gpac 2026-01-23 7.5 High
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
CVE-2025-70309 1 Gpac 1 Gpac 2026-01-23 5.5 Medium
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
CVE-2025-70310 1 Gpac 1 Gpac 2026-01-23 5.5 Medium
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
CVE-2025-31478 1 Zulip 2 Zulip, Zulip Server 2026-01-23 8.2 High
Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being required to join, but has disabled the EmailAuthBackend that is used for email/password authentication. A bug in the Zulip server means that it is possible to create an account in such organizations, without having an account with the configured SSO authentication backend. This issue is patched in version 10.2. A workaround includes requiring invitations to join the organization prevents the vulnerability from being accessed.
CVE-2025-30167 1 Jupyter 1 Jupyter Core 2026-01-23 7.3 High
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
CVE-2025-52985 2 Juniper, Juniper Networks 2 Junos Os Evolved, Junos Os Evolved 2026-01-23 5.3 Medium
A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.
CVE-2025-52984 2 Juniper, Juniper Networks 4 Junos, Junos Os Evolved, Junos Os and 1 more 2026-01-23 5.9 Medium
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.
CVE-2025-59870 1 Hcltech 1 Myxalytics 2026-01-23 7.4 High
HCL MyXalytics  is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk
CVE-2025-14894 2 Bee Interactive, Livewire-filemanager 2 Livewire Filemanager, Filemanager 2026-01-23 7.5 High
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.
CVE-2025-52982 1 Juniper 11 Junos, Mx10004, Mx10008 and 8 more 2026-01-23 5.9 Medium
An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions from 21.4R1, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6. As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected. This issue does not affect MX-SPC3 or SRX Series devices.
CVE-2024-7006 2 Libtiff, Redhat 6 Libtiff, Enterprise Linux, Enterprise Linux For Arm 64 and 3 more 2026-01-23 7.5 High
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
CVE-2024-7260 1 Redhat 3 Build Keycloak, Build Of Keycloak, Keycloak 2026-01-23 6.1 Medium
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
CVE-2025-15104 2 The Nu Html Checker, Validator 2 The Nu Html Checker, Validator 2026-01-23 5.3 Medium
Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
CVE-2022-49852 1 Linux 1 Linux Kernel 2026-01-23 7.1 High
In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.