Export limit exceeded: 364448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-66916 1 Dromara 1 Ruoyi-vue-plus 2026-01-30 9.4 Critical
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.
CVE-2025-68715 1 Pandawireless 2 Pwru01, Pwru01 Firmware 2026-01-30 9.1 Critical
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service.
CVE-2021-47790 2 Py Software, Pysoft 2 Active Webcam, Active Webcam 2026-01-30 7.8 High
Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.
CVE-2021-47791 1 Smartftp 1 Smartftp 2026-01-30 7.5 High
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.
CVE-2021-47792 1 Remotemouse 1 Remote Mouse 2026-01-30 7.8 High
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.
CVE-2021-47806 2 Dupscout, Flexense 2 Dup Scout, Dup Scout 2026-01-30 7.8 High
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
CVE-2021-47807 2 Flexense, Syncbreeze 2 Sync Breeze, Sync Breeze 2026-01-30 7.8 High
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.
CVE-2025-6776 1 Xiaoyunjie 1 Openvpn-cms-flask 2026-01-30 7.3 High
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
CVE-2025-6775 1 Xiaoyunjie 1 Openvpn-cms-flask 2026-01-30 6.3 Medium
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
CVE-2025-5885 1 Konicaminolta 1 Bizhub 2026-01-30 4.3 Medium
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5884 1 Konicaminolta 1 Bizhub 2026-01-30 3.5 Low
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5378 1 Astuntechnology 1 Ishare Maps 2026-01-30 4.3 Medium
A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5377 1 Astuntechnology 1 Ishare Maps 2026-01-30 4.3 Medium
A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp. The manipulation of the argument Zoom leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-12758 2 Validator Project, Validatorjs 2 Validator, Validator.js 2026-01-29 7.5 High
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
CVE-2025-25748 1 Digitaldruid 1 Hoteldruid 2026-01-29 7.3 High
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.
CVE-2025-27795 1 Graphicsmagick 1 Graphicsmagick 2026-01-29 4.3 Medium
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
CVE-2025-27796 1 Graphicsmagick 1 Graphicsmagick 2026-01-29 4.5 Medium
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
CVE-2024-56526 1 Oxid-esales 1 Eshop 2026-01-29 7.5 High
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
CVE-2025-32460 1 Graphicsmagick 1 Graphicsmagick 2026-01-29 4 Medium
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
CVE-2025-1946 1 Hzmanyun 1 Education And Training System 2026-01-29 6.3 Medium
A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.