Export limit exceeded: 346588 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26829 | 3 Linux, Microsoft, Scadabr | 3 Linux Kernel, Windows, Scadabr | 2025-12-02 | 5.4 Medium |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | ||||
| CVE-2025-34028 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-11-29 | 10.0 Critical |
| The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438. | ||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-11-29 | 9.8 Critical |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||||
| CVE-2024-11680 | 1 Projectsend | 1 Projectsend | 2025-11-22 | 9.8 Critical |
| ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | ||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-11-22 | 9.8 Critical |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | ||||
| CVE-2024-8956 | 1 Ptzoptics | 4 Pt30x-ndi-xx-g2, Pt30x-ndi-xx-g2 Firmware, Pt30x-sdi and 1 more | 2025-11-22 | 9.1 Critical |
| PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file. | ||||
| CVE-2025-2775 | 1 Sysaid | 2 Sysaid, Sysaid On-premises | 2025-11-19 | 9.3 Critical |
| SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. | ||||
| CVE-2025-2776 | 1 Sysaid | 2 Sysaid, Sysaid On-premises | 2025-11-19 | 9.3 Critical |
| SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. | ||||
| CVE-2018-4878 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2025-11-18 | 7.8 High |
| A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | ||||
| CVE-2018-5002 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2025-11-18 | 7.8 High |
| Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 23 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 20 more | 2025-11-18 | 8.8 High |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | ||||
| CVE-2024-38475 | 4 Apache, Netapp, Redhat and 1 more | 19 Http Server, Ontap 9, Enterprise Linux and 16 more | 2025-11-17 | 9.1 Critical |
| Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | ||||
| CVE-2018-15982 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Installer, Mac Os X and 9 more | 2025-11-17 | 7.8 High |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2022-26318 | 1 Watchguard | 1 Fireware | 2025-11-13 | 9.8 Critical |
| On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2019-16256 | 1 Trustedconnectivityalliance | 1 S\@t Browser | 2025-11-12 | 9.8 Critical |
| Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | ||||
| CVE-2021-20023 | 2 Microsoft, Sonicwall | 20 Windows, Email Security, Email Security Appliance 3300 and 17 more | 2025-11-12 | 4.9 Medium |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | ||||
| CVE-2021-20022 | 2 Microsoft, Sonicwall | 20 Windows, Email Security, Email Security Appliance 3300 and 17 more | 2025-11-10 | 7.2 High |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | ||||
| CVE-2021-20021 | 2 Microsoft, Sonicwall | 20 Windows, Email Security, Email Security Appliance 3300 and 17 more | 2025-11-10 | 9.8 Critical |
| A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | ||||
| CVE-2022-0543 | 3 Canonical, Debian, Redis | 3 Ubuntu Linux, Debian Linux, Redis | 2025-11-10 | 10.0 Critical |
| It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | ||||
| CVE-2021-36260 | 1 Hikvision | 512 Ds-2cd2021g1-i\(w\), Ds-2cd2021g1-i\(w\) Firmware, Ds-2cd2023g2-i\(u\) and 509 more | 2025-11-10 | 9.8 Critical |
| A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. | ||||