Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-61937 1 Aveva 1 Process Optimization 2026-01-22 10 Critical
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the  model application server.
CVE-2025-61943 1 Aveva 2 Historian, Process Optimization 2026-01-22 8.4 High
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
CVE-2025-63896 2 Jxl, Jxlindia 3 Jxl Double Din Player, Jxl 9 Inch Car Android Double Din Player, Jxl 9 Inch Car Android Double Din Player Firmware 2026-01-22 7.6 High
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.
CVE-2024-37006 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-37000 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-23157 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
CVE-2024-23156 1 Autodesk 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more 2026-01-22 7.8 High
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
CVE-2024-23148 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-23147 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2026-01-22 7.8 High
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVE-2024-12178 1 Autodesk 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more 2026-01-22 7.8 High
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2025-64691 1 Aveva 1 Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
CVE-2025-64729 1 Aveva 1 Process Optimization 2026-01-22 8.1 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.
CVE-2025-65117 1 Aveva 1 Process Optimization 2026-01-22 7.4 High
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
CVE-2025-65118 1 Aveva 2 Application Server, Process Optimization 2026-01-22 8.8 High
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
CVE-2025-64769 1 Aveva 1 Process Optimization 2026-01-22 7.1 High
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.
CVE-2021-41739 1 Articatech 1 Artica Proxy 2026-01-22 9.8 Critical
A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.
CVE-2025-68151 1 Coredns.io 1 Coredns 2026-01-22 7.5 High
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch.
CVE-2025-31963 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2026-01-22 2.9 Low
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.
CVE-2024-53252 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2024-53251 2026-01-22 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.