Export limit exceeded: 363680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-4063 1 Sierrawireless 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more 2025-12-15 8.8 High
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2025-11700 1 N-able 1 N-central 2025-12-15 7.5 High
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
CVE-2025-36072 1 Ibm 1 Webmethods Integration 2025-12-15 8.8 High
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.
CVE-2025-64524 1 Openprinting 2 Cups-filters, Libcupsfilters 2025-12-15 3.3 Low
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.
CVE-2025-9624 2 Amazon, Opensearch 2 Opensearch, Opensearch 2025-12-15 7.5 High
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
CVE-2025-65094 1 Wbce 1 Wbce Cms 2025-12-15 8.8 High
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
CVE-2025-59693 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 9.8 Critical
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
CVE-2025-59694 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 6.8 Medium
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
CVE-2025-59695 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-15 9.8 Critical
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
CVE-2023-36690 1 Vibethemes 1 Wordpress Learning Management System 2025-12-15 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
CVE-2025-67907 2025-12-15 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67906. Reason: This candidate is a reservation duplicate of CVE-2025-67906. Notes: All CVE users should reference CVE-2025-67906 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-13832 2025-12-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-67871 2025-12-13 N/A
Not used
CVE-2025-67870 2025-12-13 N/A
Not used
CVE-2025-67869 2025-12-13 N/A
Not used
CVE-2025-67868 2025-12-13 N/A
Not used
CVE-2025-67867 2025-12-13 N/A
Not used
CVE-2025-67866 2025-12-13 N/A
Not used
CVE-2025-67865 2025-12-13 N/A
Not used
CVE-2025-67864 2025-12-13 N/A
Not used