Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-61550 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 5.4 Medium |
| Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions | ||||
| CVE-2025-61549 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 6.1 Medium |
| Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser session | ||||
| CVE-2025-61548 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 9.8 Critical |
| SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands | ||||
| CVE-2025-61547 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 6.8 Medium |
| Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates. | ||||
| CVE-2025-21605 | 4 Debian, Lfprojects, Redhat and 1 more | 9 Debian Linux, Valkey, Discovery and 6 more | 2026-02-10 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system will run out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways. Either using network access control tools like firewalls, iptables, security groups, etc, or enabling TLS and requiring users to authenticate using client side certificates. | ||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-15325 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.3 Medium |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2025-15342 | 1 Tanium | 2 Reputation, Service Reputation | 2026-02-10 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Reputation. | ||||
| CVE-2025-56230 | 1 Tencent | 2 Docs, Docs Desktop | 2026-02-10 | 7.5 High |
| Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. | ||||
| CVE-2025-11653 | 1 Utt | 3 2620g, 2620g Firmware, Hiper 2620g | 2026-02-10 | 8.8 High |
| A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-59596 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-02-10 | 6.5 Medium |
| CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash. | ||||