Export limit exceeded: 325294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (325294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25281 | 1 Ncp-e | 1 Ncp Secure Entry Client | 2026-02-05 | 7.8 High |
| NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2019-25285 | 1 Alps | 1 Pointing-device Controller | 2026-02-05 | 7.8 High |
| Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots. | ||||
| CVE-2025-58340 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-15281 | 1 Gnu | 1 Glibc | 2026-02-05 | 7.5 High |
| Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | ||||
| CVE-2025-58344 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-36063 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-05 | 6.3 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2026-24345 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 8.8 High |
| Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | ||||
| CVE-2026-24346 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 9.1 Critical |
| Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application | ||||
| CVE-2026-24347 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 5.3 Medium |
| Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory | ||||
| CVE-2025-59439 | 1 Samsung | 19 Exynos, Exynos 1080, Exynos 1080 Firmware and 16 more | 2026-02-05 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions. | ||||
| CVE-2026-24348 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users. | ||||
| CVE-2026-20419 | 2 Mediatek, Openwrt | 28 Mt6890, Mt6989tb, Mt7902 and 25 more | 2026-02-05 | 6.5 Medium |
| In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852. | ||||
| CVE-2025-52344 | 1 Explorance | 1 Blue | 2026-02-05 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields. | ||||
| CVE-2026-24831 | 1 Ixray-team | 2 Ix-ray Engine 1.6, Ixray | 2026-02-05 | 7.5 High |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | ||||
| CVE-2026-24832 | 1 Ixray-team | 2 Ix-ray Engine 1.6, Ixray | 2026-02-05 | 9.8 Critical |
| Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | ||||
| CVE-2026-24870 | 1 Ixray-team | 2 Ix-ray Engine 1.6, Ixray | 2026-02-05 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | ||||
| CVE-2025-57792 | 1 Explorance | 1 Blue | 2026-02-05 | 10 Critical |
| Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk. | ||||
| CVE-2025-57793 | 1 Explorance | 1 Blue | 2026-02-05 | 8.6 High |
| Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk. | ||||
| CVE-2025-57794 | 1 Explorance | 1 Blue | 2026-02-05 | 9.1 Critical |
| Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations. | ||||
| CVE-2025-57795 | 1 Explorance | 1 Blue | 2026-02-05 | 9.9 Critical |
| Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution. | ||||