Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58590 1 Sick 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more 2026-01-27 6.5 Medium
It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
CVE-2025-58591 1 Sick 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more 2026-01-27 6.5 Medium
A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.
CVE-2025-46818 1 Redis 1 Redis 2026-01-27 6 Medium
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
CVE-2025-46819 1 Redis 1 Redis 2026-01-27 6.3 Medium
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
CVE-2025-46817 1 Redis 1 Redis 2026-01-27 7 High
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
CVE-2025-47321 1 Qualcomm 231 Ar8031, Ar8031 Firmware, Ar8035 and 228 more 2026-01-27 7.8 High
Memory corruption while copying packets received from unix clients.
CVE-2025-8113 2 Shopfiles, Wordpress 2 Ebook Store, Wordpress 2026-01-27 6.1 Medium
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVE-2025-47356 1 Qualcomm 39 Cologne, Cologne Firmware, Fastconnect 6900 and 36 more 2026-01-27 7.8 High
Memory Corruption when multiple threads concurrently access and modify shared resources.
CVE-2025-47369 1 Qualcomm 351 Ar8035, Ar8035 Firmware, Csra6620 and 348 more 2026-01-27 5.5 Medium
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
CVE-2025-5115 1 Eclipse 1 Jetty 2026-01-27 7.5 High
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h
CVE-2025-47380 1 Qualcomm 29 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 26 more 2026-01-27 7.8 High
Memory corruption while preprocessing IOCTLs in sensors.
CVE-2025-47388 1 Qualcomm 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more 2026-01-27 7.8 High
Memory corruption while passing pages to DSP with an unaligned starting address.
CVE-2025-47393 1 Qualcomm 37 Qam8255p, Qam8255p Firmware, Qam8650p and 34 more 2026-01-27 7.8 High
Memory corruption when accessing resources in kernel driver.
CVE-2025-47394 1 Qualcomm 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more 2026-01-27 7.8 High
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVE-2025-47395 1 Qualcomm 3 Snapdragon, Wcn7861, Wcn7861 Firmware 2026-01-27 6.5 Medium
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
CVE-2025-47396 1 Qualcomm 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more 2026-01-27 7.8 High
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVE-2025-52094 1 Pdq 1 Smart Deploy 2026-01-27 7.8 High
Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component
CVE-2025-52095 1 Pdq 1 Smart Deploy 2026-01-27 9.8 Critical
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll
CVE-2025-7974 1 Rocket.chat 1 Rocket.chat 2026-01-27 7.5 High
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.
CVE-2025-56101 1 Ruijie 5 M18-ew, M18-ew Firmware, M18 Ew and 2 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.