Export limit exceeded: 26338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364816 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12819 | 1 Pgbouncer | 1 Pgbouncer | 2025-12-27 | 7.5 High |
| Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. | ||||
| CVE-2021-47715 | 1 Hasura | 1 Graphql Engine | 2025-12-26 | 5.3 Medium |
| Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources. | ||||
| CVE-2021-47713 | 1 Hasura | 1 Graphql Engine | 2025-12-26 | 7.5 High |
| Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint. | ||||
| CVE-2023-53970 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | ||||
| CVE-2023-53969 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | ||||
| CVE-2023-53967 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | ||||
| CVE-2023-53968 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 9.8 Critical |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | ||||
| CVE-2023-53974 | 2 D-link, Dlink | 3 Dsl-124, Dsl-124, Dsl-124 Firmware | 2025-12-26 | 7.5 High |
| D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations. | ||||
| CVE-2025-56086 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-56085 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew300 Pro and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2025-56087 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua. | ||||
| CVE-2025-56107 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua. | ||||
| CVE-2025-56096 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua. | ||||
| CVE-2025-56082 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua. | ||||
| CVE-2025-56077 | 2 Ruijie, Ruijienetworks | 6 Rg-eap162\(g\), Rg-rap1260, Rg-rap2200(e) and 3 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2025-56079 | 1 Ruijie | 4 Be50, Be50 Firmware, Rg-ew1300g and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-13489 | 1 Ibm | 2 Devops Deploy, Ucd Ibm Devops Deploy | 2025-12-26 | 5.9 Medium |
| IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-14820 | 2025-12-25 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-14715 | 2025-12-25 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-34412 | 1 Eqs | 1 Convercent Whistleblowing Platform | 2025-12-24 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action. | ||||