Export limit exceeded: 364428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24024 2026-01-21 N/A
Not used
CVE-2026-24023 2026-01-21 N/A
Not used
CVE-2026-24022 2026-01-21 N/A
Not used
CVE-2026-24021 2026-01-21 N/A
Not used
CVE-2026-24020 2026-01-21 N/A
Not used
CVE-2020-10188 7 Arista, Debian, Fedoraproject and 4 more 10 Eos, Debian Linux, Fedora and 7 more 2026-01-21 9.8 Critical
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
CVE-2023-23354 1 Qnap 4 Qts, Qulog Center, Quts Hero and 1 more 2026-01-20 7.3 High
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
CVE-2023-23357 1 Qnap 4 Qts, Qulog Center, Quts Hero and 1 more 2026-01-20 4.8 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
CVE-2025-55089 1 Eclipse 1 Threadx Filex 2026-01-20 9.8 Critical
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
CVE-2025-8944 2 Oceanwp, Wordpress 3 Oceanwp, Oceanwp Plugin, Wordpress 2026-01-20 4.3 Medium
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
CVE-2025-44137 1 Maptiler 1 Tileserver Php 2026-01-20 8.2 High
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"
CVE-2025-15236 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 4.3 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
CVE-2025-15237 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 4.3 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
CVE-2025-15235 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 6.5 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.
CVE-2025-15240 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 8.8 High
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVE-2025-15238 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 6.5 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-15239 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 6.5 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-10215 2 Microsoft, Updf 2 Windows, Updf 2026-01-20 7.8 High
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.
CVE-2025-39869 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-01-20 7.1 High
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size. This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_map[i][1] = i; The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang. Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure.
CVE-2025-39870 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-01-20 7.8 High
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are: 1) If "idxd->max_wqs" is <= 0 then we call put_device(conf_dev) when "conf_dev" hasn't been initialized. 2) If kzalloc_node() fails then again "conf_dev" is invalid. It's either uninitialized or it points to the "conf_dev" from the previous iteration so it leads to a double free. It's better to free partial loop iterations within the loop and then the unwinding at the end can handle whole loop iterations. I also renamed the labels to describe what the goto does and not where the goto was located.