Export limit exceeded: 364285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57130 1 Zwiicms 1 Zwiicms 2026-02-02 8.3 High
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.
CVE-2025-68718 1 Kaysus 2 Ks-wr1200, Ks-wr1200 Firmware 2026-02-02 5.4 Medium
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI password does not affect SSH/TELNET authentication.) Any LAN-adjacent attacker can trivially log in with root privileges.
CVE-2025-68719 1 Kaysus 2 Ks-wr3600, Ks-wr3600 Firmware 2026-02-02 8.8 High
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.
CVE-2025-33210 1 Nvidia 1 Isaac Lab 2026-02-02 9 Critical
NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.
CVE-2023-54328 1 Aimonesoft 1 Aimone Video Converter 2026-02-02 6.5 Medium
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
CVE-2022-50933 1 Malavida 2 Cain \& Abel, Cain And Abel 2026-02-02 7.8 High
Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2022-50928 2 Ivt Corp, Ivtcorporation 2 Bluesoleilcs, Bluesoleilcs 2026-02-02 7.8 High
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges.
CVE-2022-50921 2 Ilwebmaster21, Wow21 2 Wow21, Wow21 2026-02-02 7.8 High
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
CVE-2018-25146 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-02-02 8.1 High
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
CVE-2018-25144 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-02-02 8.4 High
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
CVE-2025-33225 2 Linux, Nvidia 4 Linux, Linux Kernel, Nvidia Resiliency Extension and 1 more 2026-02-02 8.4 High
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33235 2 Linux, Nvidia 4 Linux, Linux Kernel, Nvidia Resiliency Extension and 1 more 2026-02-02 7.8 High
NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.
CVE-2025-7208 1 9fans 1 Plan9port 2026-02-02 5.5 Medium
A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue.
CVE-2025-8485 1 Lenovo 1 App Store 2026-02-02 7.3 High
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
CVE-2025-7209 1 9fans 1 Plan9port 2026-02-02 3.3 Low
A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.
CVE-2025-2503 1 Lenovo 1 Pcmanager 2026-02-02 7.1 High
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
CVE-2025-67717 1 Zitadel 1 Zitadel 2026-02-02 4.3 Medium
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.
CVE-2018-17207 1 Awesomemotive 1 Duplicator 2026-02-02 9.8 Critical
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2018-25095 1 Awesomemotive 1 Duplicator 2026-02-02 9.8 Critical
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
CVE-2018-7543 1 Awesomemotive 1 Duplicator 2026-02-02 6.1 Medium
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.