Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63221 | 1 Axeltechnology | 2 Puma, Puma Firmware | 2026-01-12 | 9.1 Critical |
| The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | ||||
| CVE-2023-4785 | 2 Grpc, Redhat | 2 Grpc, Satellite | 2026-01-12 | 7.5 High |
| Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. | ||||
| CVE-2025-63243 | 1 Pixeon | 1 Weblaudos | 2026-01-12 | 4.6 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 (01). The sle_sSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be executed in the victim's browser within the security context of the vulnerable application. This issue could allow attackers to steal session cookies, disclose sensitive information, perform unauthorized actions on behalf of the user, or conduct phishing attacks. | ||||
| CVE-2025-2894 | 1 Unitree | 2 Go1, Go1 Firmware | 2026-01-12 | 6.6 Medium |
| The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. | ||||
| CVE-2025-63219 | 1 Itel | 3 Iso-fm, Iso-fm Firmware, Iso Fm Sfn Adapter | 2026-01-12 | 7.5 High |
| The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and compromise system integrity. | ||||
| CVE-2025-63218 | 1 Axeltechnology | 4 Wolf1ms, Wolf1ms Firmware, Wolf2ms and 1 more | 2026-01-12 | 9.8 Critical |
| The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | ||||
| CVE-2024-2054 | 1 Articatech | 1 Artica Proxy | 2026-01-12 | 9.8 Critical |
| The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. | ||||
| CVE-2024-2053 | 1 Articatech | 1 Artica Proxy | 2026-01-12 | 7.5 High |
| The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. | ||||
| CVE-2024-2055 | 1 Articatech | 1 Artica Proxy | 2026-01-12 | 9.8 Critical |
| The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. | ||||
| CVE-2024-2056 | 1 Articatech | 1 Artica Proxy | 2026-01-12 | 9.8 Critical |
| Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. | ||||
| CVE-2025-39734 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes in other modules may have contributed to this. | ||||
| CVE-2025-47343 | 1 Qualcomm | 51 Cologne, Cologne Firmware, Fastconnect 6700 and 48 more | 2026-01-12 | 7.8 High |
| Memory corruption while processing a video session to set video parameters. | ||||
| CVE-2025-67268 | 1 Gpsd Project | 1 Gpsd | 2026-01-12 | 9.8 Critical |
| gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution. | ||||
| CVE-2025-49483 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2026-01-12 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-49482 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2026-01-12 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2024-55374 | 2 Redcap, Vanderbilt | 2 Redcap, Redcap | 2026-01-12 | 5.3 Medium |
| REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts. | ||||
| CVE-2024-33657 | 1 Ami | 1 Aptio V | 2026-01-12 | 7.8 High |
| This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | ||||
| CVE-2024-33656 | 1 Ami | 1 Aptio V | 2026-01-12 | 7.8 High |
| The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | ||||
| CVE-2025-58770 | 1 Ami | 1 Aptio V | 2026-01-12 | 8.8 High |
| APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability. | ||||
| CVE-2025-14596 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | ||||