Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-66327 1 Huawei 1 Harmonyos 2025-12-08 7.1 High
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-66328 1 Huawei 1 Harmonyos 2025-12-08 8.4 High
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-59698 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 6.8 Medium
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
CVE-2025-59699 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 6.8 Medium
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.
CVE-2025-59701 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 4.1 Medium
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).
CVE-2025-59702 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 7.2 High
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.
CVE-2025-59705 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 6.8 Medium
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.
CVE-2025-59703 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 9.1 Critical
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.
CVE-2025-66208 2 Collabora, Collaboraoffice 2 Online, Online 2025-12-08 9.8 Critical
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.
CVE-2025-59697 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 7.2 High
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
CVE-2025-59696 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 3.2 Low
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.
CVE-2023-47220 1 Qnap 1 Media Streaming Add-on 2025-12-08 6.6 Medium
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later
CVE-2025-64331 1 Oisf 1 Suricata 2025-12-08 7.5 High
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the logging of printable http bodies. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves using default HTTP response body limits and/or disabling http-body-printable logging; body logging is disabled by default.
CVE-2025-54848 1 Socomec 3 Diris Digiware M-70, Diris Digiware M-70 Firmware, Diris M-70 2025-12-08 7.5 High
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.
CVE-2024-38647 1 Qnap 1 Ai Core 2025-12-08 7.5 High
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later
CVE-2025-54849 1 Socomec 3 Diris Digiware M-70, Diris Digiware M-70 Firmware, Diris M-70 2025-12-08 7.5 High
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.
CVE-2024-48862 1 Qnap 1 Qulog Center 2025-12-08 9.8 Critical
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
CVE-2025-3199 1 Pandarobot 1 Ruoyi Ai 2025-12-08 7.3 High
A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component.
CVE-2025-21022 1 Samsung 1 Galaxy Wearable 2025-12-08 3.3 Low
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
CVE-2025-8854 2 Bullet3 Project, Bulletphysics 2 Bullet3, Pybullet 2025-12-08 9.8 Critical
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.