Export limit exceeded: 363618 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67634 1 Cisa 2 Software Acquisition Guide, Software Acquisition Guide Tool 2026-01-08 4.4 Medium
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
CVE-2025-21063 1 Samsung 2 Android, Voice Recorder 2026-01-08 4.6 Medium
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
CVE-2025-11651 1 Utt 2 518g, 518g Firmware 2026-01-08 8.8 High
A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11652 1 Utt 2 518g, 518g Firmware 2026-01-08 8.8 High
A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-61304 1 Dynatrace 2 Activegate, Activegate Ping Extension 2026-01-08 9.8 Critical
OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.
CVE-2025-63248 1 Diaowen 1 Dwsurvey 2026-01-08 7.5 High
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.
CVE-2025-63917 2 Cnblogs, Pdfpatcher 2 Pdfpatcher, Pdfpatcher 2026-01-08 7.1 High
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem, exfiltrate sensitive data via out-of-band (OOB) HTTP requests, perform SSRF attacks against internal network resources, or cause a denial of service via entity expansion attacks.
CVE-2024-30149 1 Hcltech 1 Appscan Source 2026-01-08 4.8 Medium
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
CVE-2025-63918 2 Cnblogs, Pdfpatcher 2 Pdfpatcher, Pdfpatcher 2026-01-08 6.2 Medium
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations.
CVE-2025-58407 1 Imaginationtech 2 Ddk, Graphics Ddk 2026-01-08 7.4 High
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.
CVE-2025-13306 2 D-link, Dlink 12 Dir-822, Dir-825, Dwr-920 and 9 more 2026-01-08 6.3 Medium
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2025-55796 1 Openml 1 Openml.org 2026-01-08 7.5 High
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as "%d %H:%M:%S" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover.
CVE-2024-42508 1 Hpe 1 Oneview 2026-01-08 5.5 Medium
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
CVE-2025-60455 1 Modular 2 Max, Modular 2026-01-08 8.4 High
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
CVE-2025-63220 1 Sound4 2 First, First Firmware 2026-01-08 7.2 High
The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.
CVE-2025-13442 1 Utt 2 750w, 750w Firmware 2026-01-08 7.3 High
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-58488 1 Samsung 3 Mobile, Samsung Mobile, Smart Touch Call 2026-01-08 4.5 Medium
Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVE-2025-10169 1 Utt 2 1200gw, 1200gw Firmware 2026-01-08 8.8 High
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10170 1 Utt 2 1200gw, 1200gw Firmware 2026-01-08 8.8 High
A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10757 1 Utt 2 1200gw, 1200gw Firmware 2026-01-08 8.8 High
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.