Export limit exceeded: 363915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63224 | 1 Itel | 3 Dab Encoder, Idenc, Idenc Firmware | 2026-01-15 | 10 Critical |
| The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices. | ||||
| CVE-2025-63223 | 1 Axeltechnology | 2 Streamermax Mk Ii, Streamermax Mk Ii Firmware | 2026-01-15 | 9.8 Critical |
| The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | ||||
| CVE-2025-69259 | 2 Microsoft, Trendmicro | 3 Windows, Apex Central, Apexcentral | 2026-01-15 | 7.5 High |
| A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. | ||||
| CVE-2025-69260 | 2 Microsoft, Trendmicro | 3 Windows, Apex Central, Apexcentral | 2026-01-15 | 7.5 High |
| A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | ||||
| CVE-2022-44349 | 1 Navblue | 1 N-ops \& Crew | 2026-01-15 | 5.4 Medium |
| NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2025-62875 | 4 Openbsd, Opensmtpd, Opensuse and 1 more | 5 Opensmtpd, Opensmtpd, Tumbleweed and 2 more | 2026-01-15 | 5.5 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1. | ||||
| CVE-2025-60738 | 1 Ilevia | 2 Eve X1 Server, Eve X1 Server Firmware | 2026-01-15 | 9.8 Critical |
| An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters | ||||
| CVE-2025-63211 | 1 Bridgetech | 2 Vbc Server, Vbc Server Element Manager | 2026-01-15 | 6.1 Medium |
| Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint. | ||||
| CVE-2023-26692 | 1 Zcbs | 3 Zbbs, Zcbs, Zpbs | 2026-01-15 | 6.1 Medium |
| ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2025-63213 | 1 Qvidium | 2 Opera11, Opera11 Firmware | 2026-01-15 | 9.8 Critical |
| The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software. | ||||
| CVE-2025-63212 | 1 Gatesair | 9 Flexiva-lx, Flexiva Lx100, Flexiva Lx1000 and 6 more | 2026-01-15 | 6.5 Medium |
| GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out. | ||||
| CVE-2025-65089 | 2 Xwiki, Xwikisas | 2 Pro Macros, Xwiki-pro-macros | 2026-01-15 | 6.8 Medium |
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0. | ||||
| CVE-2025-65026 | 2 Esm, Esm-dev | 2 Esm.sh, Esmsh | 2026-01-15 | 6.1 Medium |
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a template literal without proper sanitization. An attacker can inject malicious JavaScript code using ${...} expressions within CSS files, which will execute when the module is imported by victim applications. This enables Cross-Site Scripting (XSS) in browsers and Remote Code Execution (RCE) in Electron applications. This issue has been patched in version 136. | ||||
| CVE-2025-65025 | 2 Esm, Esm-dev | 2 Esm.sh, Esmsh | 2026-01-15 | 8.2 High |
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., package/../../tmp/evil.js). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. This issue has been patched in version 136. | ||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | 6.8 Medium |
| PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867. | ||||
| CVE-2025-68962 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68961 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68960 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68959 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.2 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68958 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||