Export limit exceeded: 343912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24815 | 1 Datavane | 1 Tis | 2026-01-27 | N/A |
| Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0. | ||||
| CVE-2026-24656 | 1 Apache | 2 Karaf, Karaf Decanter | 2026-01-27 | 3.7 Low |
| Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to deserialization of untrusted data, eventually causing DoS. NB: Decanter log socket collector is not installed by default. Users who have not installed Decanter log socket are not impacted by this issue. This issue affects Apache Karaf Decanter before 2.12.0. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | ||||
| CVE-2025-52095 | 1 Pdq | 1 Smart Deploy | 2026-01-27 | 9.8 Critical |
| An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll | ||||
| CVE-2025-58584 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2026-01-27 | 5.3 Medium |
| In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally. | ||||
| CVE-2025-9273 | 1 Cdata | 1 Api Server | 2026-01-27 | N/A |
| CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950. | ||||
| CVE-2018-25145 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-26 | 6.5 Medium |
| Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings. | ||||
| CVE-2025-36419 | 1 Ibm | 1 Applinx | 2026-01-26 | 5.3 Medium |
| IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | ||||
| CVE-2026-23838 | 2 Nixos, Tandoor | 2 Nixos, Recipes | 2026-01-26 | N/A |
| Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may be externally accessible, potentially on the Internet. The root cause is that the NixOS module configures the working directory of Tandoor Recipes, as well as the value of `MEDIA_ROOT`, to be `/var/lib/tandoor-recipes`. This causes Tandoor Recipes to create its `db.sqlite3` database file in the same directory as `MEDIA_ROOT` causing it to be accessible without authentication through HTTP like any other media file. This is the case when using `GUNICORN_MEDIA=1` or when using a web server like nginx to serve media files. NixOS 26.05 changes the default value of `MEDIA_ROOT` to a sub folder of the data directory. This only applies to configurations with `system.stateVersion` >= 26.05. For older configurations, one of the workarounds should be applied instead. NixOS 25.11 has received a backport of this patch, though it doesn't fix this vulnerability without user intervention. A recommended workaround is to move `MEDIA_ROOT` into a subdirectory. Non-recommended workarounds include switching to PostgreSQL or disallowing access to `db.sqlite3`. | ||||
| CVE-2026-1223 | 1 Browan Communications | 1 Prismx Mx100 Ap Controller | 2026-01-26 | 4.9 Medium |
| PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend. | ||||
| CVE-2026-0895 | 1 Typo3 | 1 Mailqueue | 2026-01-26 | N/A |
| The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . | ||||
| CVE-2026-24046 | 1 Backstage | 1 Backstage | 2026-01-26 | 7.1 High |
| Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files via the `debug:log` action by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration files, secrets); delete arbitrary files via the `fs:delete` action by creating symlinks pointing outside the workspace, and write files outside the workspace via archive extraction (tar/zip) containing malicious symlinks. This affects any Backstage deployment where users can create or execute Scaffolder templates. This vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. Users should upgrade to these versions or later. Some workarounds are available. Follow the recommendation in the Backstage Threat Model to limit access to creating and updating templates, restrict who can create and execute Scaffolder templates using the permissions framework, audit existing templates for symlink usage, and/or run Backstage in a containerized environment with limited filesystem access. | ||||
| CVE-2026-24047 | 1 Backstage | 1 Backstage | 2026-01-26 | 6.3 Medium |
| Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation via symlink chains (creating `link1 → link2 → /outside` where intermediate symlinks eventually resolve outside the allowed directory) and dangling symlinks (creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations). This function is used by Scaffolder actions and other backend components to ensure file operations stay within designated directories. This vulnerability is fixed in `@backstage/backend-plugin-api` version 0.1.17. Users should upgrade to this version or later. Some workarounds are available. Run Backstage in a containerized environment with limited filesystem access and/or restrict template creation to trusted users. | ||||
| CVE-2026-0773 | 1 Upsonic | 1 Upsonic | 2026-01-26 | N/A |
| Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the add_tool endpoint, which listens on TCP port 7541 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26845. | ||||
| CVE-2025-30025 | 1 Axis | 2 Camera Station Pro, Device Manager | 2026-01-23 | 7.8 High |
| The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | ||||
| CVE-2025-30023 | 1 Axis | 3 Camera Station, Camera Station Pro, Device Manager | 2026-01-23 | 9 Critical |
| The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | ||||
| CVE-2025-59976 | 1 Juniper | 2 Junos, Junos Space | 2026-01-23 | 6.5 Medium |
| An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3. | ||||
| CVE-2024-30226 | 1 Wpdeveloper | 1 Betterdocs | 2026-01-23 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | ||||
| CVE-2025-54876 | 1 Jansson Project | 1 Jansson | 2026-01-23 | N/A |
| The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease. | ||||
| CVE-2025-32963 | 2026-01-23 | N/A | ||
| MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0. | ||||
| CVE-2025-37177 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 6.5 Medium |
| An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | ||||