Export limit exceeded: 338339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338339 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66590 | 1 Azeotech | 1 Daqfactory | 2026-01-02 | 9.8 Critical |
| In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash. | ||||
| CVE-2025-66585 | 1 Azeotech | 1 Daqfactory | 2026-01-02 | 7.8 High |
| In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-66906 | 2 Turms, Turms-im | 2 Admin Api, Turms | 2026-01-02 | 6.1 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges. | ||||
| CVE-2025-66908 | 2 Turms, Turms-im | 2 Ai Serving, Turms | 2026-01-02 | 5.3 Medium |
| Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormData(contentType = MediaTypeConst.IMAGE) annotation to restrict uploads to image files, but this constraint is not properly enforced. The system relies solely on client-provided Content-Type headers and file extensions without validating actual file content using magic bytes (file signatures). An attacker can upload arbitrary file types including executables, scripts, HTML, or web shells by setting the Content-Type header to "image/*" or using an image file extension. This bypass enables potential server-side code execution, stored XSS, or information disclosure depending on how uploaded files are processed and served. | ||||
| CVE-2025-66909 | 2 Turms, Turms-im | 2 Ai Serving, Turms | 2026-01-02 | 7.5 High |
| Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability. | ||||
| CVE-2025-66910 | 2 Turms, Turms-im | 2 Turms Server, Turms | 2026-01-02 | 6 Medium |
| Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection. | ||||
| CVE-2025-66911 | 2 Turms, Turms-im | 2 Im-server, Turms | 2026-01-02 | 6.5 Medium |
| Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks. | ||||
| CVE-2025-66953 | 1 Nardamiteq | 2 Upc2, Upc2 Firmware | 2026-01-02 | 8.8 High |
| CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints | ||||
| CVE-2025-67073 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more | 2026-01-02 | 9.8 Critical |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-67074 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac10v4 and 1 more | 2026-01-02 | 6.5 Medium |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-68935 | 1 Onlyoffice | 1 Document Server | 2026-01-02 | 6.4 Medium |
| ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. | ||||
| CVE-2025-68936 | 1 Onlyoffice | 1 Document Server | 2026-01-02 | 6.4 Medium |
| ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. | ||||
| CVE-2025-68938 | 1 Gitea | 1 Gitea | 2026-01-02 | 4.3 Medium |
| Gitea before 1.25.2 mishandles authorization for deletion of releases. | ||||
| CVE-2025-68939 | 1 Gitea | 1 Gitea | 2026-01-02 | 8.2 High |
| Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API. | ||||
| CVE-2025-68940 | 1 Gitea | 1 Gitea | 2026-01-02 | 3.1 Low |
| In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request. | ||||
| CVE-2025-68941 | 1 Gitea | 1 Gitea | 2026-01-02 | 4.9 Medium |
| Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources. | ||||
| CVE-2025-68942 | 1 Gitea | 1 Gitea | 2026-01-02 | 5.4 Medium |
| Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text. | ||||
| CVE-2023-1454 | 1 Jeecg | 1 Jeecg Boot | 2026-01-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299. | ||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg Boot | 2026-01-02 | 6.5 Medium |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | ||||
| CVE-2025-68948 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-01-02 | 8.1 High |
| SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is stored within the session cookie, an attacker who intercepts or obtains a user's encrypted session cookie (e.g., via session hijacking) can locally decrypt it using the public key. Once decrypted, the attacker can retrieve the AccessAuthCode in plain text and use it to authenticate or take over the session. | ||||