Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67076 1 Agora-project 1 Agora-project 2026-01-21 7.5 High
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.
CVE-2025-67079 1 Agora-project 1 Agora-project 2026-01-21 9.8 Critical
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
CVE-2024-3623 1 Redhat 1 Mirror Registry 2026-01-21 6.5 Medium
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
CVE-2025-68438 1 Apache 1 Airflow 2026-01-21 7.5 High
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
CVE-2026-24026 2026-01-21 N/A
Not used
CVE-2026-24025 2026-01-21 N/A
Not used
CVE-2026-24024 2026-01-21 N/A
Not used
CVE-2026-24023 2026-01-21 N/A
Not used
CVE-2026-24022 2026-01-21 N/A
Not used
CVE-2026-24021 2026-01-21 N/A
Not used
CVE-2026-24020 2026-01-21 N/A
Not used
CVE-2020-10188 7 Arista, Debian, Fedoraproject and 4 more 10 Eos, Debian Linux, Fedora and 7 more 2026-01-21 9.8 Critical
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
CVE-2023-23354 1 Qnap 4 Qts, Qulog Center, Quts Hero and 1 more 2026-01-20 7.3 High
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
CVE-2023-23357 1 Qnap 4 Qts, Qulog Center, Quts Hero and 1 more 2026-01-20 4.8 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later
CVE-2025-55089 1 Eclipse 1 Threadx Filex 2026-01-20 9.8 Critical
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets
CVE-2025-8944 2 Oceanwp, Wordpress 3 Oceanwp, Oceanwp Plugin, Wordpress 2026-01-20 4.3 Medium
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
CVE-2025-44137 1 Maptiler 1 Tileserver Php 2026-01-20 8.2 High
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"
CVE-2025-15236 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 4.3 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
CVE-2025-15237 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 4.3 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.
CVE-2025-15235 2 Quanta Computer, Quantatw 2 Qoca Aim Ai Medical Cloud Platform, Qoca Aim 2026-01-20 6.5 Medium
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.