Export limit exceeded: 10726 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363604 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48843 2025-12-29 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-58408 1 Imaginationtech 2 Ddk, Graphics Ddk 2025-12-29 5.9 Medium
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.
CVE-2025-64030 1 Chinasystems 1 Eximbills Enterprise 2025-12-29 5.4 Medium
Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers.
CVE-2025-30005 1 Xorcom 1 Completepbx 2025-12-27 8.3 High
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2025-30004 1 Xorcom 1 Completepbx 2025-12-27 8.8 High
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
CVE-2025-2748 1 Kentico 1 Xperience 2025-12-27 6.1 Medium
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.
CVE-2025-2292 1 Xorcom 1 Completepbx 2025-12-27 6.5 Medium
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.
CVE-2024-8957 1 Ptzoptics 5 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-ndi Firmware and 2 more 2025-12-27 7.2 High
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVE-2019-25230 1 Kentico 1 Xperience 2025-12-27 4.3 Medium
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.
CVE-2019-25228 1 Kentico 1 Xperience 2025-12-27 5.3 Medium
An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.
CVE-2025-12819 1 Pgbouncer 1 Pgbouncer 2025-12-27 7.5 High
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
CVE-2021-47715 1 Hasura 1 Graphql Engine 2025-12-26 5.3 Medium
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
CVE-2021-47713 1 Hasura 1 Graphql Engine 2025-12-26 7.5 High
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVE-2023-53970 2 Db Elettronica, Dbbroadcast 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware 2025-12-26 7.5 High
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
CVE-2023-53969 2 Db Elettronica, Dbbroadcast 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware 2025-12-26 7.5 High
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
CVE-2023-53967 2 Db Elettronica, Dbbroadcast 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware 2025-12-26 7.5 High
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.
CVE-2023-53968 2 Db Elettronica, Dbbroadcast 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware 2025-12-26 9.8 Critical
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
CVE-2023-53974 2 D-link, Dlink 3 Dsl-124, Dsl-124, Dsl-124 Firmware 2025-12-26 7.5 High
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
CVE-2025-56086 1 Ruijie 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 and 1 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2025-56085 1 Ruijie 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew300 Pro and 1 more 2025-12-26 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.