Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364834 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25094 2026-01-30 N/A
Not used
CVE-2026-25093 2026-01-30 N/A
Not used
CVE-2026-25092 2026-01-30 N/A
Not used
CVE-2026-25091 2026-01-30 N/A
Not used
CVE-2026-25090 2026-01-30 N/A
Not used
CVE-2025-54942 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
CVE-2023-4822 2 Grafana, Redhat 3 Grafana, Grafana Enterprise, Ceph Storage 2026-01-30 6.7 Medium
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVE-2025-54946 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
CVE-2025-54945 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
CVE-2025-54944 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
CVE-2025-54943 1 Sun.net 1 Ehrd Ctms 2026-01-30 9.8 Critical
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
CVE-2025-67158 1 Revotech 2 I6032w-fhw, I6032w-fhw Firmware 2026-01-30 7.5 High
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVE-2025-67159 1 Vatilon 2 Pa4, Pa4 Firmware 2026-01-30 7.5 High
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVE-2025-67160 1 Vatilon 2 Pa4, Pa4 Firmware 2026-01-30 7.5 High
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
CVE-2025-61492 1 Gongrzhe 1 Terminal-controller-mcp 2026-01-30 10 Critical
A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.
CVE-2025-65328 1 Mega-fence Project 1 Mega-fence 2026-01-30 6.5 Medium
Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
CVE-2025-67303 1 Comfy 2 Comfyui, Comfyui-manager 2026-01-30 7.5 High
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
CVE-2025-52519 1 Samsung 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more 2026-01-30 7.1 High
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
CVE-2025-57836 2 Microsoft, Samsung 2 Windows, Magician 2026-01-30 7.8 High
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
CVE-2025-61781 2 Citeum, Opencti-platform 2 Opencti, Opencti 2026-01-30 7.1 High
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue.