Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,100 matching · page 213/362Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-21635(opens NVD record) | Medium | 5.3 | An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet. | Jan 5, 2026 |
| CVE-2026-21634(opens NVD record) | Medium | 6.5 | A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | Jan 5, 2026 |
| CVE-2026-21633(opens NVD record) | High | 8.8 | A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | Jan 5, 2026 |
| CVE-2025-67316(opens NVD record) | Medium | 5.4 | An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review. | Jan 5, 2026 |
| CVE-2025-59467(opens NVD record) | High | 7.5 | A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later. | Jan 5, 2026 |
| CVE-2025-57836(opens NVD record) | High | 7.8 | An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | Jan 5, 2026 |
| CVE-2025-68764(opens NVD record) | Medium | — | In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag. | Jan 5, 2026 |
| CVE-2025-67160(opens NVD record) | High | 7.5 | An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal. | Jan 2, 2026 |
| CVE-2025-67159(opens NVD record) | High | 7.5 | Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext. | Jan 2, 2026 |
| CVE-2025-67158(opens NVD record) | High | 7.5 | An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. | Jan 2, 2026 |
| CVE-2025-34171(opens NVD record) | Medium | 5.3 | CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host. | Jan 2, 2026 |
| CVE-2025-67269(opens NVD record) | High | 7.5 | An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. | Jan 2, 2026 |
| CVE-2025-67268(opens NVD record) | Critical | 9.8 | gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution. | Jan 2, 2026 |
| CVE-2024-55374(opens NVD record) | Medium | 5.3 | REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts. | Jan 2, 2026 |
| CVE-2025-11157(opens NVD record) | High | 7.8 | A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage. | Jan 1, 2026 |
| CVE-2025-67711(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67710(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67709(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67708(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67707(opens NVD record) | Medium | 5.6 | ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation. | Dec 31, 2025 |
| CVE-2025-67706(opens NVD record) | Medium | 5.6 | ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation. | Dec 31, 2025 |
| CVE-2025-67705(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67704(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2025-67703(opens NVD record) | Medium | 6.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser. | Dec 31, 2025 |
| CVE-2023-7332(opens NVD record) | Medium | — | PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service. | Dec 31, 2025 |
| CVE-2025-34468(opens NVD record) | Critical | 9.8 | libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap). | Dec 31, 2025 |
| CVE-2025-34467(opens NVD record) | Medium | 4.3 | ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated. | Dec 31, 2025 |
| CVE-2024-58315(opens NVD record) | High | 7.8 | Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot. | Dec 30, 2025 |
| CVE-2025-66723(opens NVD record) | High | 7.5 | inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths. | Dec 30, 2025 |
| CVE-2025-66835(opens NVD record) | High | 7.1 | TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context. | Dec 30, 2025 |
| CVE-2025-66848(opens NVD record) | Critical | 9.8 | JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability. | Dec 30, 2025 |
| CVE-2025-67255(opens NVD record) | High | 8.8 | In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability. | Dec 29, 2025 |
| CVE-2025-67254(opens NVD record) | High | 7.5 | NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php. | Dec 29, 2025 |
| CVE-2025-66737(opens NVD record) | Medium | 4.3 | Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component. | Dec 26, 2025 |
| CVE-2025-66738(opens NVD record) | High | 8.8 | An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | Dec 26, 2025 |
| CVE-2025-65885(opens NVD record) | Medium | 5.1 | An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory. | Dec 26, 2025 |
| CVE-2025-64645(opens NVD record) | High | 7.7 | IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | Dec 26, 2025 |
| CVE-2025-36230(opens NVD record) | Medium | 5.4 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | Dec 26, 2025 |
| CVE-2025-36229(opens NVD record) | Low | 3.1 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers. | Dec 26, 2025 |
| CVE-2025-36228(opens NVD record) | Low | 3.8 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse. | Dec 26, 2025 |
| CVE-2025-36192(opens NVD record) | Medium | 6.7 | IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms. | Dec 26, 2025 |
| CVE-2025-14687(opens NVD record) | Medium | 4.3 | IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms. | Dec 26, 2025 |
| CVE-2025-13915(opens NVD record) | Critical | 9.8 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | Dec 26, 2025 |
| CVE-2025-1721(opens NVD record) | Medium | 5.9 | IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | Dec 26, 2025 |
| CVE-2025-12771(opens NVD record) | High | 7.8 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | Dec 26, 2025 |
| CVE-2025-36154(opens NVD record) | Medium | 6.2 | IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. | Dec 24, 2025 |
| CVE-2025-68742(opens NVD record) | Medium | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog->stats access when update_effective_progs fails Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows: __cgroup_bpf_detach update_effective_progs compute_effective_progs bpf_prog_array_alloc <-- fault inject purge_effective_progs /* change to dummy_bpf_prog */ array->items[index] = &dummy_bpf_prog.prog ---softirq start--- __do_softirq ... __cgroup_bpf_run_filter_skb __bpf_prog_run_save_cb bpf_prog_run stats = this_cpu_ptr(prog->stats) /* invalid memory access */ flags = u64_stats_update_begin_irqsave(&stats->syncp) ---softirq end--- static_branch_dec(&cgroup_bpf_enabled_key[atype]) The reason is that fault injection caused update_effective_progs to fail and then changed the original prog into dummy_bpf_prog.prog in purge_effective_progs. Then a softirq came, and accessing the members of dummy_bpf_prog.prog in the softirq triggers invalid mem access. To fix it, skip updating stats when stats is NULL. | Dec 24, 2025 |
| CVE-2025-68725(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF test infra - pushes the packet to the loopback device via bpf_clone_redirect() then mentioned offload warning can be seen. GSO-related features are then rightfully disabled. We get into this situation due to convert___skb_to_skb() setting gso_segs and gso_size but not gso_type. Technically, it makes sense that this warning triggers since the GSO properties are malformed due to the gso_type. Potentially, the gso_type could be marked non-trustworthy through setting it at least to SKB_GSO_DODGY without any other specific assumptions, but that also feels wrong given we should not go further into the GSO engine in the first place. The checks were added in 121d57af308d ("gso: validate gso_type in GSO handlers") because there were malicious (syzbot) senders that combine a protocol with a non-matching gso_type. If we would want to drop such packets, gso_features_check() currently only returns feature flags via netif_skb_features(), so one location for potentially dropping such skbs could be validate_xmit_unreadable_skb(), but then otoh it would be an additional check in the fast-path for a very corner case. Given bpf_clone_redirect() is the only place where BPF test infra could emit such packets, lets reject them right there. | Dec 24, 2025 |
| CVE-2025-68724(opens NVD record) | Medium | — | In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial numbers, issuer names, etc. | Dec 24, 2025 |
| CVE-2025-68371(opens NVD record) | Medium | — | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading to use-after-free and other resource access issues. This race condition occurs because the abort handler may schedule a LUN reset concurrently with device removal via sdev_destroy(), leading to use-after-free and improper access to freed resources. - Check in the device reset handler if the device is still present in the controller's SCSI device list before running; if not, the reset is skipped. - Cancel any pending TMF work that has not started in sdev_destroy(). - Ensure device freeing in sdev_destroy() is done while holding the LUN reset mutex to avoid races with ongoing resets. | Dec 24, 2025 |