Export limit exceeded: 336750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336750 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1791 | 1 Hillstone Networks | 1 Operation And Maintenance Security Gateway | 2026-02-04 | 2.7 Low |
| Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113. | ||||
| CVE-2025-60785 | 2 Icescrum, Kagilum | 2 Icescrum, Icescrum | 2026-02-04 | 8.8 High |
| A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2025-63441 | 1 Opensource-socialnetwork | 1 Open Source Social Network | 2026-02-04 | 7.3 High |
| Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends. | ||||
| CVE-2026-1633 | 1 Synectix | 1 Lan 232 Trio | 2026-02-04 | 10 Critical |
| The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device. | ||||
| CVE-2026-1632 | 1 Riss Srl | 1 Moma Seismic Station | 2026-02-04 | 9.1 Critical |
| MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device. | ||||
| CVE-2025-23236 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | N/A |
| Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | ||||
| CVE-2026-25027 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.7.1. | ||||
| CVE-2025-32023 | 1 Redis | 1 Redis | 2026-02-04 | 7 High |
| Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands. | ||||
| CVE-2024-37301 | 1 Adfinis | 1 Document Merge Service | 2026-02-04 | 7.2 High |
| Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed. | ||||
| CVE-2024-23334 | 3 Aiohttp, Fedoraproject, Redhat | 6 Aiohttp, Fedora, Ansible Automation Platform and 3 more | 2026-02-04 | 5.9 Medium |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. | ||||
| CVE-2025-63294 | 1 Workdo | 2 Hrm Saas, Hrm Saas Hr And Payroll Tool | 2026-02-04 | 6.5 Medium |
| WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users. | ||||
| CVE-2020-37092 | 1 Netis-systems | 1 Netis E1+ | 2026-02-04 | 7.5 High |
| Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device. | ||||
| CVE-2020-37091 | 1 Maian | 2 Support, Support Helpdesk | 2026-02-04 | 5.3 Medium |
| Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system. | ||||
| CVE-2026-24784 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2026-02-04 | 6.8 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0 contain a fix for the issue. | ||||
| CVE-2026-24833 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2026-02-04 | 7.7 High |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue. | ||||
| CVE-2026-24836 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2026-02-04 | 7.7 High |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed. Versions 9.13.10 and 10.2.0 contain a fix for the issue. | ||||
| CVE-2025-60925 | 1 Codeshare | 1 Codeshare | 2026-02-04 | 5.3 Medium |
| codeshare v1.0.0 was discovered to contain an information leakage vulnerability. | ||||
| CVE-2026-24837 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2026-02-04 | 7.7 High |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13.10 and 10.2.0 contain a fix for the issue. | ||||
| CVE-2026-24838 | 1 Dnnsoftware | 2 Dnn Platform, Dotnetnuke | 2026-02-04 | 9.1 Critical |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue. | ||||
| CVE-2025-10875 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | ||||