Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26507 | 1 Hp | 403 115p9aw, 115q0aw, 17f27aw and 400 more | 2026-01-15 | 9.8 Critical |
| Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. | ||||
| CVE-2025-26506 | 1 Hp | 190 499m6a, 499m6a Firmware, 499m7a and 187 more | 2026-01-15 | 9.8 Critical |
| Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. | ||||
| CVE-2025-26508 | 1 Hp | 593 115p9aw, 115q0aw, 17f27aw and 590 more | 2026-01-15 | 9.8 Critical |
| Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. | ||||
| CVE-2024-1869 | 1 Hp | 4 Cq891c, Cq891c Firmware, Cq893c and 1 more | 2026-01-15 | 7.5 High |
| Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. | ||||
| CVE-2024-27778 | 1 Fortinet | 1 Fortisandbox | 2026-01-15 | 8.3 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2026-23582 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23581 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23580 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23579 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23578 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23577 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23576 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23575 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2026-23574 | 2026-01-15 | N/A | ||
| Not used | ||||
| CVE-2025-48371 | 1 Openfga | 2 Helm Charts, Openfga | 2026-01-15 | 8.8 High |
| OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected under four specific conditions: First, calling Check API or ListObjects with an authorization model that has a relationship directly assignable by both type bound public access and userset; second, there are check or list object queries with contextual tuples for the relationship that can be directly assignable by both type bound public access and userset; third, those contextual tuples’s user field is an userset; and finally, type bound public access tuples are not assigned to the relationship. Users should upgrade to version 1.8.13 to receive a patch. The upgrade is backwards compatible. | ||||
| CVE-2025-66877 | 1 Libming | 1 Libming | 2026-01-15 | 7.5 High |
| Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. | ||||
| CVE-2025-66869 | 1 Libming | 1 Libming | 2026-01-15 | 7.5 High |
| Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. | ||||
| CVE-2025-60935 | 1 Returnfi | 1 Blitz | 2026-01-15 | 6.5 Medium |
| An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication. | ||||
| CVE-2025-68706 | 1 Kuwfi | 3 Ac900, Ac900 Firmware, Ac900 Router | 2026-01-15 | 9.8 Critical |
| A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory, crash the web server, and (under certain conditions) may enable arbitrary code execution. | ||||
| CVE-2025-8679 | 2 Extreme Networks, Extremenetworks | 2 Extremeguest Essentials, Extremeguest Essentials | 2026-01-15 | 9.8 Critical |
| In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled. | ||||