Export limit exceeded: 364878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48019 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-48022 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-48021 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 6.5 Medium
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2025-1924 2 Yokogawa, Yokogawa Electric Corporation 3 Centum Vp, Vnet\/ip Interface Package, Vnet/ip Interface Package 2026-03-02 8.2 High
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVE-2019-25347 1 Kostasmitroglou 2 Password Management Application, Thesystem 2026-03-02 7.5 High
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.
CVE-2019-25346 1 Kostasmitroglou 2 Password Management Application, Thesystem 2026-03-02 7.5 High
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
CVE-2019-25298 1 Lolypop55 1 Html5 Snmp 2026-03-02 9.1 Critical
html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.
CVE-2019-25294 1 Lolypop55 1 Html5 Snmp 2026-03-02 6.1 Medium
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victim browsers when the page is loaded.
CVE-2025-14577 1 Slican 19 Ipl, Ipl-256.3u, Ipl-256.wm and 16 more 2026-03-02 9.8 Critical
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).
CVE-2022-20775 1 Cisco 84 1100-4g Integrated Services Router, 1100-4p Integrated Services Router, 1100-6g Integrated Services Router and 81 more 2026-03-02 7.8 High
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
CVE-2025-69971 1 Frangoteam 1 Fuxa 2026-02-28 9.8 Critical
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.
CVE-2025-66374 1 Cyberark 1 Endpoint Privilege Manager 2026-02-28 7.8 High
CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.
CVE-2025-65887 1 Oneflow 1 Oneflow 2026-02-28 6.5 Medium
A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.
CVE-2024-26480 1 Statping-ng 1 Statping-ng 2026-02-28 7.5 High
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.
CVE-2023-37028 1 Linuxfoundation 1 Magma 2026-02-28 6.5 Medium
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
CVE-2024-29741 1 Google 1 Android 2026-02-28 7.8 High
In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-55928 1 Xerox 1 Workplace Suite 2026-02-28 6.5 Medium
Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption
CVE-2024-55927 1 Xerox 1 Workplace Suite 2026-02-28 7.6 High
A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.
CVE-2024-55926 1 Xerox 1 Workplace Suite 2026-02-28 7.6 High
A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data
CVE-2024-55925 1 Xerox 1 Workplace Suite 2026-02-28 7.5 High
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.