Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49191 1 Sick 1 Field Analytics 2026-01-29 4.8 Medium
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
CVE-2025-65091 1 Xwiki 2 Full Calendar Macro, Xwiki 2026-01-29 10 Critical
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5.
CVE-2025-65090 1 Xwiki 2 Full Calendar Macro, Xwiki 2026-01-29 5.3 Medium
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has been patched in version 2.4.6.
CVE-2025-1708 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-01-29 8.6 High
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.
CVE-2025-15223 1 Philipinho 1 Simple-php-blog 2026-01-29 4.3 Medium
A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure and makes clear that the product is "[f]or educational purposes only".
CVE-2025-14738 1 Tp-link 2 Tl-wa850re, Tl-wa850re Firmware 2026-01-29 7.5 High
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.
CVE-2023-53965 1 Sound4 31 Big Voice, Big Voice Firmware, First and 28 more 2026-01-29 8.4 High
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
CVE-2025-10214 2 Microsoft, Updf 2 Windows, Updf 2026-01-29 7.8 High
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.
CVE-2025-58187 1 Golang 2 Crypto, Go 2026-01-29 7.5 High
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
CVE-2025-58188 1 Golang 2 Crypto, Go 2026-01-29 7.5 High
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
CVE-2025-58189 1 Golang 2 Crypto, Go 2026-01-29 5.3 Medium
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
CVE-2025-61723 1 Golang 2 Encoding, Go 2026-01-29 7.5 High
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
CVE-2025-61724 1 Golang 2 Go, Net 2026-01-29 5.3 Medium
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
CVE-2025-54495 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-54157 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-53912 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 9.6 Critical
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
CVE-2025-53854 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-53707 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-53516 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-46270 1 Meddream 2 Pacs Premium, Pacs Server 2026-01-29 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.