Export limit exceeded: 365158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-13928 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.
CVE-2025-13927 1 Gitlab 1 Gitlab 2026-01-26 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.
CVE-2025-13335 1 Gitlab 1 Gitlab 2026-01-26 6.5 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection.
CVE-2025-70651 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70648 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70646 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-01-26 7.5 High
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71020 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-56088 1 Ruijie 2 Rg-bcr860, Rg-bcr860 Firmware 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.
CVE-2025-70746 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70645 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70650 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70644 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-26 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-56109 1 Ruijie 2 Rg-bcr860, Rg-bcr860 Firmware 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua.
CVE-2025-69764 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-26 9.8 Critical
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.
CVE-2025-69766 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-26 9.8 Critical
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
CVE-2025-69762 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-26 9.8 Critical
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
CVE-2025-69763 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-26 9.8 Critical
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
CVE-2024-31976 2 Engenius, Engeniustech 3 Ews356 Fit Firmware, Ews356-fir, Ews356-fir Firmware 2026-01-26 8 High
EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.
CVE-2025-56106 1 Ruijie 4 Rg-est350, Rg-est350 Firmware, Rg-ew1800gx and 1 more 2026-01-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2018-25143 1 Microhardcorp 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more 2026-01-26 8.8 High
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.