Export limit exceeded: 365153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10226 3 Axxonsoft, Linux, Microsoft 4 Axxon One, Linux, Linux Kernel and 1 more 2025-12-19 9.8 Critical
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.
CVE-2025-10227 3 Axxonsoft, Linux, Microsoft 4 Axxon One, Linux, Linux Kernel and 1 more 2025-12-19 4.6 Medium
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.
CVE-2025-36035 1 Ibm 24 Power9 System Firmware, Power System E1050 \(9043-mrx\), Power System E1080 \(9080-hex\) and 21 more 2025-12-19 6.7 Medium
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
CVE-2025-35436 1 Cisa 1 Thorium 2025-12-19 5.3 Medium
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.
CVE-2025-35041 2 Airship.ai, Airship Ai 2 Acropolis, Acropolis 2025-12-19 7.5 High
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9.
CVE-2025-35042 2 Airship.ai, Airship Ai 2 Acropolis, Acropolis 2025-12-19 9.8 Critical
Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.
CVE-2025-68491 2025-12-19 N/A
Not used
CVE-2025-68490 2025-12-19 N/A
Not used
CVE-2025-68489 2025-12-19 N/A
Not used
CVE-2025-68488 2025-12-19 N/A
Not used
CVE-2025-68487 2025-12-19 N/A
Not used
CVE-2025-68486 2025-12-19 N/A
Not used
CVE-2025-68485 2025-12-19 N/A
Not used
CVE-2025-68484 2025-12-19 N/A
Not used
CVE-2025-68483 2025-12-19 N/A
Not used
CVE-2019-3863 5 Debian, Libssh2, Netapp and 2 more 15 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 12 more 2025-12-19 N/A
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.
CVE-2023-38913 1 Anirbandutta9 1 News-buzz 2025-12-18 5.3 Medium
SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2023-36338 1 Inventory Management System Project 1 Inventory Management System 2025-12-18 5.3 Medium
Inventory Management System 1 was discovered to contain a SQL injection vulnerability.
CVE-2025-55310 3 Apple, Foxit, Microsoft 4 Macos, Pdf Editor, Pdf Reader and 1 more 2025-12-18 7.3 High
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.
CVE-2025-38031 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-12-18 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented. Fix this by checking the return value of queue_work() and decrementing the refcount when necessary. Resolves: Unreferenced object 0xffff9d9f421e3d80 (size 192): comm "cryptomgr_probe", pid 157, jiffies 4294694003 hex dump (first 32 bytes): 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............ d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#. backtrace (crc 838fb36): __kmalloc_cache_noprof+0x284/0x320 padata_alloc_pd+0x20/0x1e0 padata_alloc_shell+0x3b/0xa0 0xffffffffc040a54d cryptomgr_probe+0x43/0xc0 kthread+0xf6/0x1f0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30