Export limit exceeded: 363855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20087 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363855 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42178 | 1 Lenosp Project | 1 Lenosp | 2026-02-03 | 6.5 Medium |
| Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | ||||
| CVE-2023-26542 | 1 Exeebit | 1 Phpinfo-wp | 2026-02-03 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. | ||||
| CVE-2025-65552 | 1 D3dsecurity | 2 Zx-g12, Zx-g12 Firmware | 2026-02-03 | 9.8 Critical |
| D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms. | ||||
| CVE-2020-36077 | 1 Tailor Management System Project | 1 Tailor Management System | 2026-02-03 | 8.8 High |
| SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file | ||||
| CVE-2020-36074 | 1 Tailor Management System Project | 1 Tailor Management System | 2026-02-03 | 8.8 High |
| SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. | ||||
| CVE-2023-53657 | 1 Linux | 1 Linux Kernel | 2026-02-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ice: Don't tx before switchdev is fully configured There is possibility that ice_eswitch_port_start_xmit might be called while some resources are still not allocated which might cause NULL pointer dereference. Fix this by checking if switchdev configuration was finished. | ||||
| CVE-2024-45519 | 1 Synacor | 1 Zimbra Collaboration Suite | 2026-02-03 | 10 Critical |
| The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | ||||
| CVE-2025-13428 | 1 Google | 2 Cloud Secops Soar Server, Security Operations Soar | 2026-02-03 | 7.2 High |
| A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher. | ||||
| CVE-2024-56156 | 1 Halo | 1 Halo | 2026-02-03 | 9.0 Critical |
| Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13. | ||||
| CVE-2025-68142 | 1 Facelessuser | 1 Pymdown Extensions | 2026-02-03 | 5.3 Medium |
| PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension (`pymdownx.blocks.caption`). In systems that take unchecked user content, this could cause long hanges when processing the data if a malicious payload was crafted. This issue is patched in Release 10.16.1. As a workaround, those who process unknown user content without timeouts or other safeguards in place to prevent really large, malicious content being aimed at systems may avoid the use of `pymdownx.blocks.caption` until they're able to upgrade. | ||||
| CVE-2025-65396 | 1 Blurams | 3 Dome Flare, Dome Flare Firmware, Flare Camera | 2026-02-03 | 6.1 Medium |
| A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations. | ||||
| CVE-2025-65397 | 1 Blurams | 3 Dome Flare, Dome Flare Firmware, Flare Camera | 2026-02-03 | 6.8 Medium |
| An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card. | ||||
| CVE-2025-65886 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. | ||||
| CVE-2025-65888 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. | ||||
| CVE-2025-65889 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-65890 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. | ||||
| CVE-2025-65891 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. | ||||
| CVE-2025-70999 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. | ||||
| CVE-2025-71000 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71008 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||