Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29636 1 Zhenfeng13 1 My Blog 2026-01-27 5.4 Medium
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.
CVE-2018-14634 6 Canonical, F5, Linux and 3 more 35 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 32 more 2026-01-27 N/A
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
CVE-2012-2571 1 Winwebmail 1 Winwebmail Server 2026-01-27 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVE-2023-43944 1 Oretnom23 1 Task Management System 2026-01-27 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list.
CVE-2022-28975 1 Infoblox 1 Nios 2026-01-27 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
CVE-2023-29240 1 F5 1 Big-iq Centralized Management 2026-01-27 5.4 Medium
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-23419 3 Debian, F5, Redhat 4 Debian Linux, Nginx, Nginx Plus and 1 more 2026-01-27 4.3 Medium
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-54755 1 F5 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more 2026-01-27 4.9 Medium
A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-40550 2 Fedoraproject, Redhat 7 Fedora, Enterprise Linux, Rhel Aus and 4 more 2026-01-27 5.5 Medium
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
CVE-2025-56108 1 Ruijie 11 Rg-eap602, Rg-eap602 Firmware, Rg-est310 and 8 more 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2025-13928 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.
CVE-2025-13927 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.
CVE-2025-13335 1 Gitlab 1 Gitlab 2026-01-26 6.5 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection.
CVE-2025-70651 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70648 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70646 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71020 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-56088 1 Ruijie 2 Rg-bcr860, Rg-bcr860 Firmware 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.
CVE-2025-70746 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70645 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.