Search

Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50787 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-13 7.2 High
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.
CVE-2022-50788 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-13 7.5 High
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.
CVE-2023-46839 2 Fedoraproject, Xen 2 Fedora, Xen 2026-01-13 5.3 Medium
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain.
CVE-2025-35021 2 Abilis, Antek 3 Cpx, Abilis Cpx 2000, Abilis Cpx Firmware 2026-01-13 6.5 Medium
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.
CVE-2023-46840 2 Fedoraproject, Xen 2 Fedora, Xen 2026-01-13 4.1 Medium
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen.
CVE-2022-50793 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-13 8.8 High
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges.
CVE-2022-50794 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-13 9.8 Critical
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
CVE-2025-20765 4 Google, Linuxfoundation, Mediatek and 1 more 53 Android, Yocto, Mt2718 and 50 more 2026-01-13 4.7 Medium
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
CVE-2024-56840 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 7.2 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
CVE-2024-56839 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 7.2 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
CVE-2024-56838 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 7.2 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
CVE-2024-56837 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 7.2 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
CVE-2024-56836 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 7.5 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
CVE-2024-56835 1 Siemens 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware 2026-01-13 8.8 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
CVE-2025-15069 1 Gmission 1 Web Fax 2026-01-13 7.1 High
Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1
CVE-2025-15068 1 Gmission 1 Web Fax 2026-01-13 7.7 High
Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 3.0.1
CVE-2026-22837 2026-01-13 N/A
Not used
CVE-2026-22836 2026-01-13 N/A
Not used
CVE-2026-22835 2026-01-13 N/A
Not used
CVE-2026-22834 2026-01-13 N/A
Not used