Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364834 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25094 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25093 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25092 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25091 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25090 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2025-54942 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. | ||||
| CVE-2023-4822 | 2 Grafana, Redhat | 3 Grafana, Grafana Enterprise, Ceph Storage | 2026-01-30 | 6.7 Medium |
| Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. | ||||
| CVE-2025-54946 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2025-54945 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | ||||
| CVE-2025-54944 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | ||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | ||||
| CVE-2025-67158 | 1 Revotech | 2 I6032w-fhw, I6032w-fhw Firmware | 2026-01-30 | 7.5 High |
| An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. | ||||
| CVE-2025-67159 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | 7.5 High |
| Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext. | ||||
| CVE-2025-67160 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | 7.5 High |
| An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal. | ||||
| CVE-2025-61492 | 1 Gongrzhe | 1 Terminal-controller-mcp | 2026-01-30 | 10 Critical |
| A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. | ||||
| CVE-2025-65328 | 1 Mega-fence Project | 1 Mega-fence | 2026-01-30 | 6.5 Medium |
| Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed. | ||||
| CVE-2025-67303 | 1 Comfy | 2 Comfyui, Comfyui-manager | 2026-01-30 | 7.5 High |
| An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface | ||||
| CVE-2025-52519 | 1 Samsung | 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more | 2026-01-30 | 7.1 High |
| An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. | ||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-30 | 7.8 High |
| An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | ||||
| CVE-2025-61781 | 2 Citeum, Opencti-platform | 2 Opencti, Opencti | 2026-01-30 | 7.1 High |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue. | ||||