Export limit exceeded: 74730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74730 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1018 | 1 Gotac | 2 Police Statistics Database System, Statistical Database System | 2026-01-23 | 7.5 High |
| Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files. | ||||
| CVE-2026-1022 | 1 Gotac | 2 Statistical Database System, Statistics Database System | 2026-01-23 | 7.5 High |
| Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | ||||
| CVE-2026-1023 | 1 Gotac | 2 Statistical Database System, Statistics Database System | 2026-01-23 | 7.5 High |
| Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents. | ||||
| CVE-2024-29371 | 1 Jose4j Project | 1 Jose4j | 2026-01-23 | 7.5 High |
| In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. | ||||
| CVE-2023-45104 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterlinks | 2026-01-23 | 7.3 High |
| Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. | ||||
| CVE-2023-47179 | 2 Byconsole, Wordpress | 2 Wooodt Lite, Wordpress | 2026-01-23 | 8.8 High |
| Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6. | ||||
| CVE-2022-50478 | 1 Linux | 1 Linux Kernel | 2026-01-23 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug of the same kind. Although they are triggered by the same super block data anomaly, I divided it into the above two because the details of the issues and how to fix it are different. Both are required to eliminate the shift-out-of-bounds issues at mount time. This patch (of 2): If the block size exponent information written in an on-disk superblock is corrupted, nilfs_sb2_bad_offset helper function can trigger shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set): shift exponent 38983 is too large for 64-bit type 'unsigned long long' Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x33d/0x3b0 lib/ubsan.c:322 nilfs_sb2_bad_offset fs/nilfs2/the_nilfs.c:449 [inline] nilfs_load_super_block+0xdf5/0xe00 fs/nilfs2/the_nilfs.c:523 init_nilfs+0xb7/0x7d0 fs/nilfs2/the_nilfs.c:577 nilfs_fill_super+0xb1/0x5d0 fs/nilfs2/super.c:1047 nilfs_mount+0x613/0x9b0 fs/nilfs2/super.c:1317 ... In addition, since nilfs_sb2_bad_offset() performs multiplication without considering the upper bound, the computation may overflow if the disk layout parameters are not normal. This fixes these issues by inserting preliminary sanity checks for those parameters and by converting the comparison from one involving multiplication and left bit-shifting to one using division and right bit-shifting. | ||||
| CVE-2025-39951 | 1 Linux | 1 Linux Kernel | 2026-01-23 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: um: virtio_uml: Fix use-after-free after put_device in probe When register_virtio_device() fails in virtio_uml_probe(), the code sets vu_dev->registered = 1 even though the device was not successfully registered. This can lead to use-after-free or other issues. | ||||
| CVE-2025-39952 | 1 Linux | 1 Linux Kernel | 2026-01-23 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: avoid buffer overflow in WID string configuration Fix the following copy overflow warning identified by Smatch checker. drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame() error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537) This patch introduces size check before accessing the memory buffer. The checks are base on the WID type of received data from the firmware. For WID string configuration, the size limit is determined by individual element size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field of 'struct wilc_cfg_str'. | ||||
| CVE-2024-39563 | 1 Juniper | 1 Junos Space | 2026-01-23 | 7.3 High |
| A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability. | ||||
| CVE-2025-59968 | 1 Juniper | 21 Junos, Junos Space, Space Security Director and 18 more | 2026-01-23 | 8.6 High |
| A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices. | ||||
| CVE-2024-7871 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2026-01-23 | 8.8 High |
| SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. | ||||
| CVE-2024-37920 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. | ||||
| CVE-2024-31270 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | 7.6 High |
| Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | ||||
| CVE-2024-50358 | 1 Advantech | 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more | 2026-01-23 | 7.2 High |
| A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup. | ||||
| CVE-2022-47151 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
| CVE-2024-50359 | 1 Advantech | 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more | 2026-01-23 | 7.2 High |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2026-21917 | 2 Juniper, Juniper Networks | 21 Junos, Srx, Srx1500 and 18 more | 2026-01-23 | 7.5 High |
| An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5, * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available. | ||||
| CVE-2026-21918 | 2 Juniper, Juniper Networks | 29 Junos, Mx10004, Mx10008 and 26 more | 2026-01-23 | 7.5 High |
| A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. | ||||
| CVE-2024-50360 | 1 Advantech | 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more | 2026-01-23 | 7.2 High |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands. | ||||