Export limit exceeded: 364863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65026 | 2 Esm, Esm-dev | 2 Esm.sh, Esmsh | 2026-01-15 | 6.1 Medium |
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a template literal without proper sanitization. An attacker can inject malicious JavaScript code using ${...} expressions within CSS files, which will execute when the module is imported by victim applications. This enables Cross-Site Scripting (XSS) in browsers and Remote Code Execution (RCE) in Electron applications. This issue has been patched in version 136. | ||||
| CVE-2025-65025 | 2 Esm, Esm-dev | 2 Esm.sh, Esmsh | 2026-01-15 | 8.2 High |
| esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths (e.g., package/../../tmp/evil.js). When esm.sh downloads and extracts this package, files may be written to arbitrary locations on the server, escaping the intended extraction directory. This issue has been patched in version 136. | ||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | 6.8 Medium |
| PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867. | ||||
| CVE-2025-68962 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68961 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68960 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68959 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.2 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68958 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68957 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68956 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-14404 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27498. | ||||
| CVE-2025-14403 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27500. | ||||
| CVE-2025-14402 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOC files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27499. | ||||
| CVE-2025-14401 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A |
| PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27260. | ||||
| CVE-2025-68955 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-33222 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. | ||||
| CVE-2025-33223 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-33224 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | 9.8 Critical |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-68967 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.7 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68966 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||