Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45556 1 Qualcomm 121 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 118 more 2025-08-19 6.5 Medium
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
CVE-2025-21431 1 Qualcomm 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more 2025-08-19 5.5 Medium
Information disclosure may be there when a guest VM is connected.
CVE-2020-10650 4 Debian, Fasterxml, Netapp and 1 more 5 Debian Linux, Jackson-databind, Active Iq Unified Manager and 2 more 2025-08-19 8.1 High
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
CVE-2022-21661 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2025-08-19 8 High
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
CVE-2025-6230 1 Lenovo 2 Commercial Vantage, Vantage 2025-08-19 5.3 Medium
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
CVE-2025-8782 2025-08-19 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-2634 1 Ni 1 Labview 2025-08-19 7.8 High
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CVE-2025-2633 1 Ni 1 Labview 2025-08-19 7.8 High
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CVE-2024-22315 1 Ibm 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx 2025-08-19 4 Medium
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
CVE-2025-51501 1 Microweber 1 Microweber 2025-08-19 6.1 Medium
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
CVE-2025-51502 1 Microweber 2 Cms, Microweber 2025-08-19 6.1 Medium
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
CVE-2025-51504 1 Microweber 2 Cms, Microweber 2025-08-19 7.6 High
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
CVE-2025-32829 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32830 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32831 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32832 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32833 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32834 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32835 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.
CVE-2025-32836 1 Siemens 1 Telecontrol Server Basic 2025-08-19 8.8 High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.