Export limit exceeded: 363761 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4788 1 Ibm 3 Tivoli Netcool/impact, Tivoli Netcool\/impact, Tivoli Netcool Impact 2026-04-14 8.4 High
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
CVE-2026-3357 2 Ibm, Langflow 2 Langflow Desktop, Langflow 2026-04-14 8.8 High
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component.
CVE-2026-28553 1 Huawei 2 Emui, Harmonyos 2026-04-14 6.9 Medium
Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-23818 1 Hpe 2 Aruba Networking Private 5g Core, Private 5g Core 2026-04-14 8.8 High
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.
CVE-2025-67260 2 Aster, Aster-te 6 Tkservercgi, Tkwebcoreng, Tpkwebgis Client and 3 more 2026-04-14 8.8 High
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
CVE-2024-44722 1 Anolis 1 Sysak 2026-04-14 9.8 Critical
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
CVE-2026-40386 1 Libexif Project 1 Libexif 2026-04-14 4 Medium
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
CVE-2022-29083 1 Dell 216 Chengming 3980, Chengming 3980 Firmware, Chengming 3990 and 213 more 2026-04-14 6.8 Medium
Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.
CVE-2026-40385 1 Libexif Project 1 Libexif 2026-04-14 4 Medium
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
CVE-2026-6139 1 Totolink 2 A7100ru, A7100ru Firmware 2026-04-14 9.8 Critical
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-27664 1 Siemens 2 Cpci85 Central Processing\/communication, Sicore Base System 2026-04-14 7.5 High
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.
CVE-2026-27663 1 Siemens 2 Cpci85 Central Processing\/communication, Rtum85 rtu Base 2026-04-14 6.5 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.
CVE-2026-34353 1 Ocaml 1 Ocaml 2026-04-14 5.9 Medium
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
CVE-2017-20221 1 Telesquare 2 Sdt-cs3b1, Sdt-cs3b1 Firmware 2026-04-14 4.3 Medium
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
CVE-2017-20222 1 Telesquare 2 Sdt-cs3b1, Sdt-cs3b1 Firmware 2026-04-14 7.5 High
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.
CVE-2017-20223 1 Telesquare 2 Sdt-cs3b1, Sdt-cs3b1 Firmware 2026-04-14 9.8 Critical
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
CVE-2017-20224 1 Telesquare 2 Sdt-cs3b1, Sdt-cs3b1 Firmware 2026-04-14 9.8 Critical
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.
CVE-2026-35167 2 Kedro-org, Linuxfoundation 2 Kedro, Kedro 2026-04-14 7.1 High
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory. This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.
CVE-2019-25471 2 Filethingie, Leefish 2 Filethingie, File Thingie 2026-04-14 9.8 Critical
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files.
CVE-2026-22898 2 Qnap, Qnap Systems 2 Qvr Pro, Qvr Pro 2026-04-14 9.8 Critical
A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later