Export limit exceeded: 363285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-15312 1 Tanium 1 Tanos 2026-02-10 6.6 Medium
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
CVE-2025-15311 1 Tanium 1 Tanos 2026-02-10 7.8 High
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
CVE-2025-15340 1 Tanium 2 Comply, Service Comply 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Comply.
CVE-2025-15338 1 Tanium 2 Partner Integration, Service Partnerintegration 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Partner Integration.
CVE-2025-15337 1 Tanium 2 Patch, Service Patch 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Patch.
CVE-2025-15336 1 Tanium 2 Performance, Service Performance 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Performance.
CVE-2025-15321 1 Tanium 1 Tanos 2026-02-10 2.7 Low
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
CVE-2023-22841 1 Intel 2 C621a, Server Firmware Update Utility 2026-02-10 6.7 Medium
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-58740 2 Microsoft, Milner 2 Windows, Imagedirector Capture 2026-02-10 5.5 Medium
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
CVE-2025-58741 1 Milner 1 Imagedirector Capture 2026-02-10 7.5 High
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
CVE-2025-58742 2 Microsoft, Milner 2 Windows, Imagedirector Capture 2026-02-10 5.9 Medium
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
CVE-2025-58744 2 Microsoft, Milner 2 Windows, Imagedirector Capture 2026-02-10 7.5 High
Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
CVE-2025-58743 2 Microsoft, Milner 2 Windows, Imagedirector Capture 2026-02-10 7.5 High
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808.
CVE-2025-34281 1 Thingsboard 1 Thingsboard 2026-02-10 5.4 Medium
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
CVE-2025-61732 2 Golang, Gotoolchain 2 Go, Cmd/go 2026-02-10 8.6 High
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
CVE-2025-22873 2 Go Standard Library, Golang 2 Os, Go 2026-02-10 3.8 Low
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
CVE-2020-36942 2 Victor Cms Project, Victoralagwu 2 Victor Cms, Cmssite 2026-02-10 8.8 High
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
CVE-2020-37076 2 Victor Cms Project, Victoralagwu 2 Victor Cms, Cmssite 2026-02-10 8.2 High
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.
CVE-2020-37073 2 Victor Cms Project, Victoralagwu 2 Victor Cms, Cmssite 2026-02-10 8.8 High
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
CVE-2020-37072 2 Victor Cms Project, Victoralagwu 2 Victor Cms, Cmssite 2026-02-10 7.2 High
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.