Export limit exceeded: 25094 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25094 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68438 | 1 Apache | 1 Airflow | 2026-01-21 | 7.5 High |
| In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue | ||||
| CVE-2025-15082 | 2 Gztozed, Tozed | 3 Zlt M30s, Zlt M30s Firmware, Zlt M30s | 2026-01-20 | 5.3 Medium |
| A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5499 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 7.3 High |
| A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-5498 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 5.5 Medium |
| A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-49968 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-01-19 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. | ||||
| CVE-2025-12945 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-01-16 | 7.2 High |
| A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. | ||||
| CVE-2024-30381 | 1 Juniper | 1 Paragon Active Assurance Control Center | 2026-01-16 | 8.4 High |
| An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0. | ||||
| CVE-2017-11165 | 1 Datataker | 2 Dt80 Dex, Dt80 Dex Firmware | 2026-01-16 | N/A |
| dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. | ||||
| CVE-2025-14823 | 1 Connectwise | 1 Screenconnect | 2026-01-16 | 5.3 Medium |
| In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components. | ||||
| CVE-2025-24980 | 1 Pimcore | 1 Admin Classic Bundle | 2026-01-16 | 5.3 Medium |
| pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26333 | 1 Dell | 1 Bsafe Crypto-j | 2026-01-16 | 5.9 Medium |
| Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2025-63209 | 2 Elca, Elcaradio | 18 Bp1000, Star1000, Star150 and 15 more | 2026-01-15 | 7.5 High |
| The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. The admin password is stored in plaintext under the <p05> XML tag, potentially leading to remote compromise of the transmitter system. | ||||
| CVE-2025-63213 | 1 Qvidium | 2 Opera11, Opera11 Firmware | 2026-01-15 | 9.8 Critical |
| The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software. | ||||
| CVE-2025-63212 | 1 Gatesair | 9 Flexiva-lx, Flexiva Lx100, Flexiva Lx1000 and 6 more | 2026-01-15 | 6.5 Medium |
| GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out. | ||||
| CVE-2025-68959 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.2 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68966 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68965 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 4.7 Medium |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-68964 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 6.2 Medium |
| Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68970 | 1 Huawei | 2 Emui, Harmonyos | 2026-01-15 | 6.1 Medium |
| Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-36437 | 1 Ibm | 1 Planning Analytics Local | 2026-01-14 | 4.3 Medium |
| IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | ||||