Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62408 1 C-ares 1 C-ares 2026-02-02 5.9 Medium
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
CVE-2025-69285 2 Dataease, Fit2cloud 2 Sqlbot, Sqlbot 2026-02-02 6.1 Medium
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data directly into the PostgreSQL database. The endpoint is explicitly added to the authentication whitelist, causing the TokenMiddleware to bypass all token validation. Uploaded files are parsed by pandas and inserted into the database via to_sql() with if_exists='replace' mode. The vulnerability has been fixed in v1.5.0. No known workarounds are available.
CVE-2024-2420 1 Honeywell 1 Lenels2 Netbox 2026-02-02 9.8 Critical
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
CVE-2024-2422 1 Honeywell 1 Lenels2 Netbox 2026-02-02 8.8 High
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
CVE-2024-2421 1 Honeywell 1 Lenels2 Netbox 2026-02-02 9.8 Critical
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
CVE-2025-64718 2 Js-yaml, Nodeca 2 Js-yaml, Js-yaml 2026-02-02 5.3 Medium
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
CVE-2024-34764 2026-02-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE ID.
CVE-2024-43275 2026-02-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.
CVE-2025-15447 1 Seeyon 1 Zhiyuan Oa Web Application System 2026-02-02 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.
CVE-2025-15446 1 Seeyon 1 Zhiyuan Oa Web Application System 2026-02-02 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.
CVE-2025-15427 1 Seeyon 1 Zhiyuan Oa Web Application System 2026-02-02 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.
CVE-2021-47916 2026-02-01 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-47853 1 Phppgadmin 1 Phppgadmin 2026-02-01 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-42130 1 Linux 1 Linux Kernel 2026-01-31 5.6 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-41375 1 Limesurvey 1 Limesurvey 2026-01-30 9.8 Critical
SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.
CVE-2025-41376 1 Limesurvey 1 Limesurvey 2026-01-30 5.3 Medium
CRLF Injection vulnerability in Limesurvey v2.65.1+170522.  This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.
CVE-2024-6933 1 Limesurvey 1 Limesurvey 2026-01-30 6.3 Medium
A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.
CVE-2024-55930 1 Xerox 1 Workplace Suite 2026-01-30 6.7 Medium
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
CVE-2024-55931 1 Xerox 1 Workplace Suite 2026-01-30 6.5 Medium
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.  The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.
CVE-2024-55929 1 Xerox 1 Workplace Suite 2026-01-30 5.3 Medium
A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.