Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364834 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59106 | 2 Dormakaba, Dormakabagroup | 13 Access Manager, Dormakaba Access Manager 9200-k5, Dormakaba Access Manager 9200-k5 Firmware and 10 more | 2026-02-12 | 8.8 High |
| The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. | ||||
| CVE-2025-67274 | 1 Continuous.software | 1 Aangine | 2026-02-12 | 7.5 High |
| An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints | ||||
| CVE-2025-70982 | 2 Bladex, Chillzhuang | 2 Springblade, Springblade | 2026-02-12 | 9.9 Critical |
| Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data. | ||||
| CVE-2025-67221 | 1 Ijl | 1 Orjson | 2026-02-12 | 7.5 High |
| The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. | ||||
| CVE-2025-56590 | 1 Apryse | 2 Html2pdf, Html2pdf Sdk | 2026-02-12 | 9.8 Critical |
| An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server. | ||||
| CVE-2025-68686 | 1 Fortinet | 1 Fortios | 2026-02-12 | 5.3 Medium |
| An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level. | ||||
| CVE-2025-54170 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-57708 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-57709 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-57710 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 4.9 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-57711 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 4.9 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-58467 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-58470 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-58471 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 4.9 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later | ||||
| CVE-2025-58472 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 4.9 Medium |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-68406 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-52869 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-52870 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-53598 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-54146 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 6.5 Medium |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||