Export limit exceeded: 363609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363609 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59301 1 Deltaww 2 Dvp15mc11t, Dvp15mc11t Firmware 2026-01-08 4 Medium
Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
CVE-2022-23130 2 Iconics, Mitsubishielectric 3 Genesis64, Hyper Historian, Mc Works64 2026-01-08 5.9 Medium
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
CVE-2025-53513 1 Canonical 1 Juju 2026-01-08 8.8 High
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
CVE-2025-53512 1 Canonical 1 Juju 2026-01-08 6.5 Medium
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
CVE-2025-0928 1 Canonical 1 Juju 2026-01-08 8.8 High
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.
CVE-2025-40325 1 Linux 2 Kernel, Linux Kernel 2026-01-08 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace.
CVE-2025-39872 1 Linux 1 Linux Kernel 2026-01-08 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.
CVE-2025-9173 2 Emlog, Emlog Pro Project 2 Emlog, Emlog Pro 2026-01-08 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
CVE-2026-22581 2026-01-08 N/A
Not used
CVE-2026-22580 2026-01-08 N/A
Not used
CVE-2026-22579 2026-01-08 N/A
Not used
CVE-2026-22578 2026-01-08 N/A
Not used
CVE-2026-22577 2026-01-08 N/A
Not used
CVE-2025-8419 1 Redhat 2 Build Keycloak, Keycloak 2026-01-08 5.3 Medium
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
CVE-2025-5731 2 Infinispan, Redhat 6 Infinispan, Data Grid, Jboss Data Grid and 3 more 2026-01-08 5.5 Medium
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
CVE-2024-7259 2 Ovirt, Redhat 3 Ovirt-engine, Rhev Hypervisor, Virtualization 2026-01-08 4.9 Medium
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
CVE-2025-14874 2 Nodemailer, Redhat 6 Nodemailer, Acm, Advanced Cluster Management For Kubernetes and 3 more 2026-01-08 7.5 High
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
CVE-2025-48429 2 Grassroots Dicom Project, Malaterre 2 Grassroots Dicom, Grassroots Dicom 2026-01-07 7.4 High
An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2025-6966 3 Canonical, Debian, Ubuntu 4 Python-apt, Ubuntu Linux, Debian Linux and 1 more 2026-01-07 5.5 Medium
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
CVE-2022-32912 2 Apple, Redhat 4 Ipados, Iphone Os, Safari and 1 more 2026-01-07 8.8 High
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.