Export limit exceeded: 364243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364243 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14923 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-03-04 4.7 Medium
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.
CVE-2025-36364 1 Ibm 1 Devops Plan 2026-03-04 6.2 Medium
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.
CVE-2025-36363 1 Ibm 1 Devops Plan 2026-03-04 5.9 Medium
IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2025-47371 1 Qualcomm 251 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 248 more 2026-03-04 6.5 Medium
Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVE-2025-52365 1 Ccurtsinger 1 Stabilizer 2026-03-04 7.8 High
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation
CVE-2024-55027 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 7.5 High
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
CVE-2024-55019 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 6.5 Medium
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.
CVE-2024-55020 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 9.8 Critical
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
CVE-2024-55024 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 8.8 High
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.
CVE-2024-55025 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 6.5 Medium
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
CVE-2024-55026 1 Weintek 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more 2026-03-04 8.8 High
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
CVE-2025-66945 2 Zdir, Zdir Pro 2 Zdir, Zdir Pro 2026-03-04 9.1 Critical
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution
CVE-2025-62815 2 Samsung, Samsung Mobile 12 Exynos, Exynos 1380, Exynos 1380 Firmware and 9 more 2026-03-04 5.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.
CVE-2025-67507 1 Filamentphp 1 Filament 2026-03-04 8.1 High
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. This issue is fixed in version 4.3.1.
CVE-2025-66623 2 Linuxfoundation, Strimzi 2 Strimzi, Kafka-operator 2026-03-04 7.4 High
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1.
CVE-2025-28164 1 Libpng 1 Libpng 2026-03-04 5.5 Medium
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
CVE-2022-50696 3 Linux, Microsoft, Sound4 23 Linux, Windows, Big Voice2 and 20 more 2026-03-04 9.8 Critical
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.
CVE-2022-50790 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-03-04 7.5 High
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.
CVE-2022-50792 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-03-04 7.5 High
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.
CVE-2025-47383 1 Qualcomm 413 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, 9206 Lte Modem and 410 more 2026-03-04 7.2 High
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.