Export limit exceeded: 23546 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365319 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50426 1 Linux 1 Linux Kernel 2026-01-20 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then rproc_vq_interrupt() accessing these resources will cause kennel dump. Call trace: virtqueue_add_split+0x1ac/0x560 virtqueue_add_inbuf+0x4c/0x60 rpmsg_recv_done+0x15c/0x294 vring_interrupt+0x6c/0xa4 rproc_vq_interrupt+0x30/0x50 imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc] process_one_work+0x1d0/0x354 worker_thread+0x13c/0x470 kthread+0x154/0x160 ret_from_fork+0x10/0x20 Add mutex protection in imx_dsp_rproc_vq_work(), if the state is not running, then just skip calling rproc_vq_interrupt(). Also the flush workqueue operation can't be added in rproc stop for the same reason. The call sequence is rproc_shutdown -> rproc_stop ->rproc_stop_subdevices ->rproc->ops->stop() ->imx_dsp_rproc_stop ->flush_work -> rproc_vq_interrupt The resource needed by rproc_vq_interrupt has been released in rproc_stop_subdevices, so flush_work is not safe to be called in imx_dsp_rproc_stop.
CVE-2025-14492 2 Realdefense, Superantispyware 2 Superantispyware, Superantispyware 2026-01-20 N/A
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27668.
CVE-2025-14493 2 Realdefense, Superantispyware 2 Superantispyware, Superantispyware 2026-01-20 N/A
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27675.
CVE-2025-14495 2 Realdefense, Superantispyware 2 Superantispyware, Superantispyware 2026-01-20 N/A
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27677.
CVE-2025-14496 2 Realdefense, Superantispyware 2 Superantispyware, Superantispyware 2026-01-20 N/A
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27678.
CVE-2025-14497 2 Realdefense, Superantispyware 2 Superantispyware, Superantispyware 2026-01-20 N/A
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27680.
CVE-2025-15082 2 Gztozed, Tozed 3 Zlt M30s, Zlt M30s Firmware, Zlt M30s 2026-01-20 5.3 Medium
A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15083 2 Gztozed, Tozed 3 Zlt M30s, Zlt M30s Firmware, Zlt M30s 2026-01-20 2 Low
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11966 1 Eclipse 1 Vert.x 2026-01-20 6.4 Medium
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing.
CVE-2025-45731 1 2fauth 1 2fauth 2026-01-20 6.5 Medium
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.
CVE-2021-36833 1 Ibericode 1 Mailchimp For Wordpress 2026-01-20 4.8 Medium
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.
CVE-2025-65430 2 Allauth, Django-allauth Project 2 Allauth, Django-allauth 2026-01-20 5.4 Medium
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
CVE-2025-14549 1 Eclipse 1 Omr 2026-01-20 8.1 High
In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the Latin-compatible charset (UTF-8, ISO8859-1, ASCII, etc) to IBM-1047/037 translation sequence. This can cause the output byte array to be truncated, discarding the first NUL byte and all subsequent characters, and thereby exposing a possible buffer over-read problem. This issue is fixed in Eclipse OMR version 0.8.0.
CVE-2022-50692 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-01-20 7.5 High
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application.
CVE-2025-61782 2 Citeum, Opencti-platform 2 Opencti, Opencti 2026-01-20 5.4 Medium
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3.
CVE-2024-6845 2 Smartsearchwp, Webdigit 2 Chatbot With Chatgpt Wordpress, Chatbot With Chatgpt 2026-01-20 5.3 Medium
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key
CVE-2025-67813 1 Quest 1 Kace Desktop Authority 2026-01-20 5.3 Medium
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
CVE-2025-37181 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2026-01-20 7.2 High
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
CVE-2025-37182 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2026-01-20 7.2 High
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.
CVE-2025-37183 2 Arubanetworks, Hpe 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator 2026-01-20 7.2 High
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.