Search
Search Results (366668 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36125 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2025-12-19 | 6.4 Medium |
| IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-10220 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | 9.8 Critical |
| Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others. | ||||
| CVE-2025-10221 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | 5.5 Medium |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | ||||
| CVE-2025-40602 | 1 Sonicwall | 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more | 2025-12-19 | 6.6 Medium |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | ||||
| CVE-2025-10226 | 3 Axxonsoft, Linux, Microsoft | 4 Axxon One, Linux, Linux Kernel and 1 more | 2025-12-19 | 9.8 Critical |
| Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | ||||
| CVE-2025-10227 | 3 Axxonsoft, Linux, Microsoft | 4 Axxon One, Linux, Linux Kernel and 1 more | 2025-12-19 | 4.6 Medium |
| Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon OneĀ (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | ||||
| CVE-2025-36035 | 1 Ibm | 24 Power9 System Firmware, Power System E1050 \(9043-mrx\), Power System E1080 \(9080-hex\) and 21 more | 2025-12-19 | 6.7 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources. | ||||
| CVE-2025-35436 | 1 Cisa | 1 Thorium | 2025-12-19 | 5.3 Medium |
| CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27. | ||||
| CVE-2025-35041 | 2 Airship.ai, Airship Ai | 2 Acropolis, Acropolis | 2025-12-19 | 7.5 High |
| Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9. | ||||
| CVE-2025-35042 | 2 Airship.ai, Airship Ai | 2 Acropolis, Acropolis | 2025-12-19 | 9.8 Critical |
| Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9. | ||||
| CVE-2025-68491 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68490 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68489 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68488 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68487 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68486 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68485 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68484 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68483 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2019-3863 | 5 Debian, Libssh2, Netapp and 2 more | 15 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 12 more | 2025-12-19 | N/A |
| A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error. | ||||