Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26507 1 Hp 403 115p9aw, 115q0aw, 17f27aw and 400 more 2026-01-15 9.8 Critical
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26506 1 Hp 190 499m6a, 499m6a Firmware, 499m7a and 187 more 2026-01-15 9.8 Critical
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26508 1 Hp 593 115p9aw, 115q0aw, 17f27aw and 590 more 2026-01-15 9.8 Critical
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2024-1869 1 Hp 4 Cq891c, Cq891c Firmware, Cq893c and 1 more 2026-01-15 7.5 High
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.
CVE-2024-27778 1 Fortinet 1 Fortisandbox 2026-01-15 8.3 High
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
CVE-2026-23582 2026-01-15 N/A
Not used
CVE-2026-23581 2026-01-15 N/A
Not used
CVE-2026-23580 2026-01-15 N/A
Not used
CVE-2026-23579 2026-01-15 N/A
Not used
CVE-2026-23578 2026-01-15 N/A
Not used
CVE-2026-23577 2026-01-15 N/A
Not used
CVE-2026-23576 2026-01-15 N/A
Not used
CVE-2026-23575 2026-01-15 N/A
Not used
CVE-2026-23574 2026-01-15 N/A
Not used
CVE-2025-48371 1 Openfga 2 Helm Charts, Openfga 2026-01-15 8.8 High
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected under four specific conditions: First, calling Check API or ListObjects with an authorization model that has a relationship directly assignable by both type bound public access and userset; second, there are check or list object queries with contextual tuples for the relationship that can be directly assignable by both type bound public access and userset; third, those contextual tuples’s user field is an userset; and finally, type bound public access tuples are not assigned to the relationship. Users should upgrade to version 1.8.13 to receive a patch. The upgrade is backwards compatible.
CVE-2025-66877 1 Libming 1 Libming 2026-01-15 7.5 High
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.
CVE-2025-66869 1 Libming 1 Libming 2026-01-15 7.5 High
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
CVE-2025-60935 1 Returnfi 1 Blitz 2026-01-15 6.5 Medium
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.
CVE-2025-68706 1 Kuwfi 3 Ac900, Ac900 Firmware, Ac900 Router 2026-01-15 9.8 Critical
A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory, crash the web server, and (under certain conditions) may enable arbitrary code execution.
CVE-2025-8679 2 Extreme Networks, Extremenetworks 2 Extremeguest Essentials, Extremeguest Essentials 2026-01-15 9.8 Critical
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled.