Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36159 1 Ibm 1 Concert 2025-11-21 6.2 Medium
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output.
CVE-2025-36160 1 Ibm 1 Concert 2025-11-21 5.3 Medium
IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.
CVE-2025-34080 1 Contec 1 Conprosys Hmi System 2025-11-21 6.1 Medium
The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.
CVE-2025-34081 1 Contec 1 Conprosys Hmi System 2025-11-21 7.5 High
The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.
CVE-2025-43857 1 Ruby-lang 1 Net\ 2025-11-21 6.5 Medium
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5.
CVE-2025-41735 2 Metz-connect, Metz Connect 7 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 4 more 2025-11-21 8.8 High
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVE-2025-41737 2 Metz-connect, Metz Connect 7 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 4 more 2025-11-21 7.5 High
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
CVE-2025-41736 2 Metz-connect, Metz Connect 7 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 4 more 2025-11-21 8.8 High
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
CVE-2025-41734 2 Metz-connect, Metz Connect 7 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 4 more 2025-11-21 9.8 Critical
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVE-2025-41733 2 Metz-connect, Metz Connect 7 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 4 more 2025-11-21 9.8 Critical
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
CVE-2024-10203 1 Zohocorp 1 Manageengine Endpoint Central 2025-11-21 7 High
Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
CVE-2025-30360 1 Webpack.js 1 Webpack-dev-server 2025-11-21 6.5 Medium
webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.
CVE-2025-65220 1 Tenda 2 Ac21, Ac21 Firmware 2025-11-21 4.3 Medium
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
CVE-2025-65221 1 Tenda 2 Ac21, Ac21 Firmware 2025-11-21 4.3 Medium
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
CVE-2025-65222 1 Tenda 2 Ac21, Ac21 Firmware 2025-11-21 4.3 Medium
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
CVE-2025-65223 1 Tenda 2 Ac21, Ac21 Firmware 2025-11-21 4.3 Medium
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
CVE-2025-65226 1 Tenda 2 Ac21, Ac21 Firmware 2025-11-21 4.3 Medium
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
CVE-2023-30800 1 Mikrotik 1 Routeros 2025-11-21 7.5 High
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
CVE-2023-30799 1 Mikrotik 1 Routeros 2025-11-21 9.1 Critical
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
CVE-2023-30797 1 Netflix 1 Lemur 2025-11-21 7.5 High
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.