Search Results (345375 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39329 | 2 Redhat, Uclouvain | 3 Ai Inference Server, Enterprise Linux, Openjpeg | 2026-03-09 | 6.5 Medium |
| A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. | ||||
| CVE-2023-39327 | 2 Redhat, Uclouvain | 3 Ai Inference Server, Enterprise Linux, Openjpeg | 2026-03-09 | 4.3 Medium |
| A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. | ||||
| CVE-2025-48495 | 1 Forceu | 1 Gokapi | 2026-03-09 | 5.4 Medium |
| Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code. | ||||
| CVE-2025-48494 | 1 Forceu | 1 Gokapi | 2026-03-09 | 5.4 Medium |
| Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption. | ||||
| CVE-2024-55021 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 7.5 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. | ||||
| CVE-2024-55022 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 8.8 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. | ||||
| CVE-2024-55023 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-09 | 5.3 Medium |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | ||||
| CVE-2025-15288 | 1 Tanium | 2 Interact, Service Interact | 2026-03-09 | 3.1 Low |
| Tanium addressed an improper access controls vulnerability in Interact. | ||||
| CVE-2025-15322 | 1 Tanium | 1 Server | 2026-03-09 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Tanium Server. | ||||
| CVE-2025-15320 | 1 Tanium | 2 Client, Tanium | 2026-03-09 | 3.3 Low |
| Tanium addressed a denial of service vulnerability in Tanium Client. | ||||
| CVE-2025-15315 | 1 Tanium | 3 Module Server, Moduleserver, Server | 2026-03-09 | 6.7 Medium |
| Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. | ||||
| CVE-2025-15316 | 1 Tanium | 2 Module Server, Server | 2026-03-09 | 6.7 Medium |
| Tanium addressed a local privilege escalation vulnerability in Tanium Server. | ||||
| CVE-2025-15317 | 1 Tanium | 1 Server | 2026-03-09 | 6.5 Medium |
| Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. | ||||
| CVE-2025-15318 | 1 Tanium | 3 End-user Notifications, End-user Notifications Endpoint Tools, Endpoint End-user-notifications | 2026-03-09 | 5.1 Medium |
| Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. | ||||
| CVE-2025-15319 | 1 Tanium | 2 Endpoint Patch, Patch Endpoint Tools | 2026-03-09 | 7.8 High |
| Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. | ||||
| CVE-2025-7375 | 1 Tp-link | 3 Eap610 V3, Omada Eap610, Omada Eap610 Firmware | 2026-03-09 | 6.5 Medium |
| A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0. | ||||
| CVE-2025-15543 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 4.6 Medium |
| Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. | ||||
| CVE-2025-15548 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 6.5 Medium |
| Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. | ||||
| CVE-2025-15542 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 5.3 Medium |
| Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls. | ||||
| CVE-2025-15541 | 1 Tp-link | 2 Vx800v, Vx800v Firmware | 2026-03-09 | 6.3 Medium |
| Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. | ||||