Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50956 1 Ibm 1 Storage Defender Resiliency Service 2025-08-09 4.4 Medium
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
CVE-2023-42123 2 Control-webpanel, Control Web Panel 2 Webpanel, Control Web Panel 2025-08-09 N/A
Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the mysql_manager module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21080.
CVE-2023-42122 2 Control-webpanel, Control Web Panel 2 Webpanel, Control Web Panel 2025-08-09 N/A
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cwpsrv process, which listens on the loopback interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21079.
CVE-2023-42121 2 Control-webpanel, Control Web Panel 2 Webpanel, Control Web Panel 2025-08-09 N/A
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the web interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of a valid CWP user. Was ZDI-CAN-20582.
CVE-2023-42120 2 Control-webpanel, Control Web Panel 2 Webpanel, Control Web Panel 2025-08-09 N/A
Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the dns_zone_editor module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20581.
CVE-2025-52914 1 Mitel 1 Micollab 2025-08-08 8.8 High
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
CVE-2025-26525 1 Moodle 1 Moodle 2025-08-08 8.6 High
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).
CVE-2025-26526 1 Moodle 1 Moodle 2025-08-08 6.5 Medium
Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.
CVE-2025-26527 1 Moodle 1 Moodle 2025-08-08 5.3 Medium
Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
CVE-2025-26528 1 Moodle 1 Moodle 2025-08-08 3.4 Low
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
CVE-2025-26529 1 Moodle 1 Moodle 2025-08-08 8.3 High
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
CVE-2025-0719 1 Ibm 1 Cloud Pak For Data 2025-08-08 6.1 Medium
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-6444 1 Servicestack 1 Servicestack 2025-08-08 5.9 Medium
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834.
CVE-2025-6445 1 Servicestack 1 Servicestack 2025-08-08 8.1 High
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837.
CVE-2024-30361 3 Apple, Foxit, Microsoft 4 Macos, Pdf Editor, Pdf Reader and 1 more 2025-08-08 N/A
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22877.
CVE-2024-30362 3 Apple, Foxit, Microsoft 4 Macos, Pdf Editor, Pdf Reader and 1 more 2025-08-08 N/A
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.
CVE-2024-30363 3 Apple, Foxit, Microsoft 4 Macos, Pdf Editor, Pdf Reader and 1 more 2025-08-08 5.5 Medium
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23008.
CVE-2024-2660 1 Hashicorp 2 Vault, Vault Enterprise 2025-08-08 6.4 Medium
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
CVE-2023-42035 1 Visualware 1 Myconnection Server 2025-08-08 N/A
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-21774.
CVE-2023-42034 1 Visualware 1 Myconnection Server 2025-08-08 N/A
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21613.