Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65025 | 2 Esm, Esm-dev | 2 Esm.sh, Esmsh | 2026-01-15 | 8.2 High |
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., package/../../tmp/evil.js). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. This issue has been patched in version 136. | ||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | 6.8 Medium |
| PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867. | ||||
| CVE-2025-68962 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68961 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68960 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68959 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.2 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68958 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68957 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68956 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-14404 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27498. | ||||
| CVE-2025-14403 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500. | ||||
| CVE-2025-14402 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOC files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27499. | ||||
| CVE-2025-14401 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27260. | ||||
| CVE-2025-68955 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-33222 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. | ||||
| CVE-2025-33223 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-33224 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-68967 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.7 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68966 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-65291 | 1 Aqara | 6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more | 2026-01-15 | 7.4 High |
| Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring. | ||||