Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47320 1 Qualcomm 427 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 424 more 2026-02-10 7.8 High
Memory corruption while processing MFC channel configuration during music playback.
CVE-2025-21484 1 Qualcomm 347 Apq8064au, Apq8064au Firmware, Aqt1000 and 344 more 2026-02-10 8.2 High
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-69542 1 Dlink 2 Dir-895la1, Dir-895la1 Firmware 2026-02-10 9.8 Critical
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.
CVE-2025-67811 1 Area9lyceum 1 Rhapsode 2026-02-10 6.5 Medium
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.
CVE-2025-67810 1 Area9lyceum 1 Rhapsode 2026-02-10 6.5 Medium
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.
CVE-2025-14026 1 Forcepoint 2 One Data Loss Prevention, One Endpoint 2026-02-10 7.8 High
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed.
CVE-2022-2709 1 Cagewebdev 1 Float To Top Button 2026-02-10 4.8 Medium
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-5653 1 Chanjetvip 1 T\+ 2026-02-10 7.3 High
A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10492 2 Cloud, Jaspersoft 6 Jasperreports Io, Jasperreports Library, Jasperreports Server and 3 more 2026-02-10 9.8 Critical
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
CVE-2025-21449 1 Qualcomm 371 315 5g Iot, 315 5g Iot Firmware, Apq8017 and 368 more 2026-02-10 7.5 High
Transient DOS may occur while processing malformed length field in SSID IEs.
CVE-2023-48124 1 Nayem-howlader 1 Sup Online Shopping 2026-02-10 5.4 Medium
Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component.
CVE-2025-70791 1 Microweber 1 Microweber 2026-02-10 6.1 Medium
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVE-2025-70792 1 Microweber 1 Microweber 2026-02-10 6.1 Medium
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVE-2024-54855 1 Fabricators 2 Vanilla Os 2 Core Image, Vanilla Os Core Image 2026-02-10 6.4 Medium
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
CVE-2025-70963 1 Getgophish 1 Gophish 2026-02-10 7.6 High
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
CVE-2026-25950 2026-02-10 N/A
Further research determined the issue is not a vulnerability.
CVE-2025-6010 2026-02-10 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-62392 1 Ivanti 1 Endpoint Manager 2026-02-10 6.5 Medium
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62391 1 Ivanti 1 Endpoint Manager 2026-02-10 6.5 Medium
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62390 1 Ivanti 1 Endpoint Manager 2026-02-10 6.5 Medium
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.