Export limit exceeded: 364155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46308 | 1 Plotly | 1 Plotly.js | 2025-12-24 | 9.8 Critical |
| In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. | ||||
| CVE-2025-68695 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68694 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68693 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68692 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68691 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68690 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68689 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68688 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-68687 | 2025-12-24 | N/A | ||
| Not used | ||||
| CVE-2025-47325 | 1 Qualcomm | 89 Csr8811, Csr8811 Firmware, Ipq8070 and 86 more | 2025-12-23 | 6.5 Medium |
| Information disclosure while processing system calls with invalid parameters. | ||||
| CVE-2025-47350 | 1 Qualcomm | 37 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 34 more | 2025-12-23 | 7.8 High |
| Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | ||||
| CVE-2025-47372 | 1 Qualcomm | 47 Qam8255p, Qam8255p Firmware, Qam8620p and 44 more | 2025-12-23 | 9 Critical |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | ||||
| CVE-2024-23789 | 2 Sharp, Sharp Corporation | 5 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 2 more | 2025-12-23 | 8.8 High |
| Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | ||||
| CVE-2025-59479 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | 6.1 Medium |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product. | ||||
| CVE-2025-66357 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | N/A |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally. | ||||
| CVE-2025-61976 | 1 Inaba | 2 Ib-mct001, Ib-mct001 Firmware | 2025-12-23 | N/A |
| CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive. | ||||
| CVE-2025-66173 | 1 Hikvision | 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more | 2025-12-23 | 6.2 Medium |
| There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment. | ||||
| CVE-2025-66174 | 1 Hikvision | 4 Ds-7104hghi-f1, Ds-7104hghi-f1 Firmware, Ds-7204hghi-f1 and 1 more | 2025-12-23 | 6.5 Medium |
| There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands. | ||||
| CVE-2025-14701 | 2 Arcadia Technology, Craftycontrol | 2 Crafty Controller, Crafty Controller | 2025-12-23 | 7.1 High |
| An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification. | ||||