Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365312 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45556 | 1 Qualcomm | 121 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 118 more | 2025-08-19 | 6.5 Medium |
| Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. | ||||
| CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | 5.5 Medium |
| Information disclosure may be there when a guest VM is connected. | ||||
| CVE-2020-10650 | 4 Debian, Fasterxml, Netapp and 1 more | 5 Debian Linux, Jackson-databind, Active Iq Unified Manager and 2 more | 2025-08-19 | 8.1 High |
| A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. | ||||
| CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2025-08-19 | 8 High |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | 5.3 Medium |
| A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | ||||
| CVE-2025-8782 | 2025-08-19 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-2634 | 1 Ni | 1 Labview | 2025-08-19 | 7.8 High |
| Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2025-2633 | 1 Ni | 1 Labview | 2025-08-19 | 7.8 High |
| Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2024-22315 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2025-08-19 | 4 Medium |
| IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection. | ||||
| CVE-2025-51501 | 1 Microweber | 1 Microweber | 2025-08-19 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. | ||||
| CVE-2025-51502 | 1 Microweber | 2 Cms, Microweber | 2025-08-19 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. | ||||
| CVE-2025-51504 | 1 Microweber | 2 Cms, Microweber | 2025-08-19 | 7.6 High |
| Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field. | ||||
| CVE-2025-32829 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32830 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32831 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32832 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32833 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32834 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32835 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||
| CVE-2025-32836 | 1 Siemens | 1 Telecontrol Server Basic | 2025-08-19 | 8.8 High |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | ||||