Export limit exceeded: 363984 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44612 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2025-07-22 | 5.9 Medium |
| Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack. | ||||
| CVE-2025-44614 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2025-07-22 | 7.5 High |
| Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext. | ||||
| CVE-2025-45784 | 1 Dlink | 4 Dph-400s, Dph-400s Firmware, Dph-400se and 1 more | 2025-07-22 | 9.8 Critical |
| D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary. | ||||
| CVE-2025-20279 | 1 Cisco | 1 Unified Contact Center Express | 2025-07-22 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system. | ||||
| CVE-2025-25271 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-22 | 8.8 High |
| An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface. | ||||
| CVE-2025-54362 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54361 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54360 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54359 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54358 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54357 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54356 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54355 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2025-54354 | 2025-07-22 | N/A | ||
| Not used | ||||
| CVE-2019-6446 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2025-07-21 | N/A |
| An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources. | ||||
| CVE-2025-20300 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 4.3 Medium |
| In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts). | ||||
| CVE-2025-20320 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 6.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will. | ||||
| CVE-2025-20321 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 6.5 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will. | ||||
| CVE-2025-20322 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 4.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information. | ||||
| CVE-2025-20323 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2025-07-21 | 4.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app. | ||||