Export limit exceeded: 23530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-34075 1 Hashicorp 1 Vagrant 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary.  https://developer.hashicorp.com/vagrant/docs/synced-folders
CVE-2025-1819 1 Tenda 2 Ac7, Ac7 Firmware 2025-07-16 6.3 Medium
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7357 2 D-link, Dlink 3 Dir-600, Dir-600, Dir-600 Firmware 2025-07-16 6.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2024-46946 1 Langchain 2 Langchain-experimental, Langchain Experimental 2025-07-16 9.8 Critical
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).
CVE-2024-23106 1 Fortinet 1 Forticlientems 2025-07-16 7.7 High
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
CVE-2024-46667 1 Fortinet 1 Fortisiem 2025-07-16 6.9 Medium
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
CVE-2017-18524 1 Antoineh 1 Football Pool 2025-07-16 N/A
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
CVE-2024-47572 1 Fortinet 1 Fortisoar 2025-07-16 8.3 High
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
CVE-2018-8327 1 Microsoft 2 Powershell, Powershell Editor Services 2025-07-16 9.8 Critical
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
CVE-2021-26700 1 Microsoft 2 Npm, Visual Studio Code Npm-script Extension 2025-07-16 7.8 High
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
CVE-2024-56114 1 Henkel 1 Canlineapp 2025-07-16 6.5 Medium
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account.
CVE-2024-6234 2025-07-16 5.3 Medium
A flaw was found in the Ansible Automation Platform. The Event-Driven Ansible server exposes the WebSocket JSON web token (JWT) when running Rulebook activations in debug mode, which, if obtained by an attacker, can be used to connect to the socket and issue commands that return Playbook content or other sensitive data.
CVE-2025-53958 2025-07-16 N/A
Not used
CVE-2025-53957 2025-07-16 N/A
Not used
CVE-2025-53956 2025-07-16 N/A
Not used
CVE-2025-53955 2025-07-16 N/A
Not used
CVE-2025-53954 2025-07-16 N/A
Not used
CVE-2025-53953 2025-07-16 N/A
Not used
CVE-2025-53952 2025-07-16 N/A
Not used
CVE-2022-31764 1 Apache 1 Shardingsphere Elasticjob-ui 2025-07-16 8.5 High
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.