Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22807 1 Tormach 2 Pathpilot Controller, Xstech Cnc Router 2025-09-15 6.5 Medium
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption.
CVE-2024-22808 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 7.5 High
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory.
CVE-2024-22809 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 6.5 Medium
Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information.
CVE-2024-22811 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 8.2 High
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory.
CVE-2024-22813 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 4.4 Medium
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller.
CVE-2024-22815 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 5.3 Medium
An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.
CVE-2024-29376 1 Sylius 1 Sylius 2025-09-15 6.4 Medium
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.
CVE-2025-52485 1 Dnnsoftware 1 Dotnetnuke 2025-09-15 5.4 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
CVE-2025-52486 1 Dnnsoftware 2 Dnn Platform, Dotnetnuke 2025-09-15 6.1 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
CVE-2024-7344 7 Cs-grp, Greenware, Howyar and 4 more 7 Neo Impact, Greenguard, Sysreturn and 4 more 2025-09-15 8.2 High
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
CVE-2024-50698 1 Sungrowpower 2 Winet-s, Winet-s Firmware 2025-09-15 9.8 Critical
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
CVE-2025-52487 1 Dnnsoftware 1 Dotnetnuke 2025-09-15 7.5 High
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.
CVE-2025-52488 1 Dnnsoftware 1 Dotnetnuke 2025-09-15 8.6 High
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
CVE-2025-52284 1 Totolink 2 X6000r, X6000r Firmware 2025-09-15 6.5 Medium
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
CVE-2023-53212 2025-09-15 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-49135 2 Cvat, Cvat-ai 2 Computer Vision Annotation Tool, Cvat 2025-09-15 6.5 Medium
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the same user. As a result, if an attacker with a CVAT account and a `user` role knows the filenames of other users' uploads, they could potentially access and steal data by creating projects or tasks using those files. This issue does not affect annotation or dataset TUS uploads, since in this case object-specific temporary directories are used. Users should upgrade to CVAT 2.40.0 or a later version to receive a patch. No known workarounds are available.
CVE-2025-8846 1 Nasm 1 Netwide Assembler 2025-09-15 5.3 Medium
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-8842 1 Nasm 1 Netwide Assembler 2025-09-15 5.3 Medium
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-8843 1 Nasm 1 Netwide Assembler 2025-09-15 5.3 Medium
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-8844 1 Nasm 1 Netwide Assembler 2025-09-15 3.3 Low
A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.