Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31144 1 Xen 1 Xapi 2026-01-08 3.8 Low
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
CVE-2025-55523 1 Agent-zero 1 Agent-zero 2026-01-08 3.5 Low
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
CVE-2025-55524 1 Agent-zero 1 Agent-zero 2026-01-08 7.3 High
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
CVE-2025-59301 1 Deltaww 2 Dvp15mc11t, Dvp15mc11t Firmware 2026-01-08 4 Medium
Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
CVE-2022-23130 2 Iconics, Mitsubishielectric 3 Genesis64, Hyper Historian, Mc Works64 2026-01-08 5.9 Medium
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
CVE-2025-53513 1 Canonical 1 Juju 2026-01-08 8.8 High
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
CVE-2025-53512 1 Canonical 1 Juju 2026-01-08 6.5 Medium
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
CVE-2025-0928 1 Canonical 1 Juju 2026-01-08 8.8 High
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.
CVE-2025-40325 1 Linux 2 Kernel, Linux Kernel 2026-01-08 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace.
CVE-2025-39872 1 Linux 1 Linux Kernel 2026-01-08 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.
CVE-2025-9173 2 Emlog, Emlog Pro Project 2 Emlog, Emlog Pro 2026-01-08 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
CVE-2026-22581 2026-01-08 N/A
Not used
CVE-2026-22580 2026-01-08 N/A
Not used
CVE-2026-22579 2026-01-08 N/A
Not used
CVE-2026-22578 2026-01-08 N/A
Not used
CVE-2026-22577 2026-01-08 N/A
Not used
CVE-2025-8419 1 Redhat 2 Build Keycloak, Keycloak 2026-01-08 5.3 Medium
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
CVE-2025-5731 2 Infinispan, Redhat 6 Infinispan, Data Grid, Jboss Data Grid and 3 more 2026-01-08 5.5 Medium
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
CVE-2024-7259 2 Ovirt, Redhat 3 Ovirt-engine, Rhev Hypervisor, Virtualization 2026-01-08 4.9 Medium
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
CVE-2025-14874 2 Nodemailer, Redhat 6 Nodemailer, Acm, Advanced Cluster Management For Kubernetes and 3 more 2026-01-08 7.5 High
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.