Export limit exceeded: 10662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47802 | 1 Tenda | 4 D151, D151 Firmware, D301 and 1 more | 2026-02-02 | 7.5 High |
| Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication. | ||||
| CVE-2021-47849 | 1 Yodinfo | 1 Mini Mouse | 2026-02-02 | 6.2 Medium |
| Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests. | ||||
| CVE-2021-47850 | 1 Yodinfo | 1 Mini Mouse | 2026-02-02 | 7.5 High |
| Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters. | ||||
| CVE-2021-47851 | 1 Yodinfo | 1 Mini Mouse | 2026-02-02 | 9.8 Critical |
| Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands. | ||||
| CVE-2025-66959 | 1 Ollama | 1 Ollama | 2026-02-02 | 7.5 High |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder | ||||
| CVE-2025-66960 | 1 Ollama | 1 Ollama | 2026-02-02 | 7.5 High |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata | ||||
| CVE-2025-12781 | 1 Python | 2 Cpython, Python | 2026-02-02 | 5.3 Medium |
| When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars. | ||||
| CVE-2026-0921 | 2026-02-02 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-67825 | 2 Gonitro, Microsoft | 2 Nitro Pdf Pro, Windows | 2026-02-02 | 5.5 Medium |
| An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity. | ||||
| CVE-2025-68716 | 1 Kaysus | 2 Ks-wr3600, Ks-wr3600 Firmware | 2026-02-02 | 8.4 High |
| KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to trivially gain root shell access and execute arbitrary commands with full privileges. | ||||
| CVE-2025-68717 | 1 Kaysus | 2 Ks-wr3600, Ks-wr3600 Firmware | 2026-02-02 | 9.4 Critical |
| KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication. | ||||
| CVE-2025-57130 | 1 Zwiicms | 1 Zwiicms | 2026-02-02 | 8.3 High |
| An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators. | ||||
| CVE-2025-68718 | 1 Kaysus | 2 Ks-wr1200, Ks-wr1200 Firmware | 2026-02-02 | 5.4 Medium |
| KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI password does not affect SSH/TELNET authentication.) Any LAN-adjacent attacker can trivially log in with root privileges. | ||||
| CVE-2025-68719 | 1 Kaysus | 2 Ks-wr3600, Ks-wr3600 Firmware | 2026-02-02 | 8.8 High |
| KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device. | ||||
| CVE-2025-33210 | 1 Nvidia | 1 Isaac Lab | 2026-02-02 | 9 Critical |
| NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution. | ||||
| CVE-2023-54328 | 1 Aimonesoft | 1 Aimone Video Converter | 2026-02-02 | 6.5 Medium |
| AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism. | ||||
| CVE-2022-50933 | 1 Malavida | 2 Cain \& Abel, Cain And Abel | 2026-02-02 | 7.8 High |
| Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2022-50928 | 2 Ivt Corp, Ivtcorporation | 2 Bluesoleilcs, Bluesoleilcs | 2026-02-02 | 7.8 High |
| BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2022-50921 | 2 Ilwebmaster21, Wow21 | 2 Wow21, Wow21 | 2026-02-02 | 7.8 High |
| WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup. | ||||
| CVE-2018-25146 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-02-02 | 8.1 High |
| Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart. | ||||