Search Results (330445 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68135 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 6.5 Medium |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, causing both the loop and its caller to terminate silently. This leads to a denial of service, as it is responsible for the SDP and ISO15118-20 servers. Version 2025.10.0 fixes the issue. | ||||
| CVE-2025-68134 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 7.4 High |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue. | ||||
| CVE-2025-68133 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 7.4 High |
| EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0. | ||||
| CVE-2025-68132 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 4.6 Medium |
| EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue. | ||||
| CVE-2026-22044 | 1 Glpi-project | 1 Glpi | 2026-02-06 | 6.5 Medium |
| GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23. | ||||
| CVE-2026-22247 | 1 Glpi-project | 1 Glpi | 2026-02-06 | 4.1 Medium |
| GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform an SSRF request through the Webhook feature. This issue has been patched in version 11.0.5. | ||||
| CVE-2026-23624 | 1 Glpi-project | 1 Glpi | 2026-02-06 | 4.3 Medium |
| GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patched in versions . | ||||
| CVE-2026-24868 | 1 Mozilla | 1 Firefox | 2026-02-06 | 6.5 Medium |
| Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2. | ||||
| CVE-2007-2774 | 1 Sunlight-cms | 1 Sunlight Cms | 2026-02-06 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | ||||
| CVE-2025-58381 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-06 | 2.3 Low |
| A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories. | ||||
| CVE-2025-58380 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-06 | 2.3 Low |
| A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories. | ||||
| CVE-2025-58379 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-06 | 5.5 Medium |
| Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user. | ||||
| CVE-2020-37123 | 1 Wcchandler | 1 Pinger | 2026-02-06 | 9.8 Critical |
| Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. | ||||
| CVE-2019-25273 | 1 Easy-hide-ip | 1 Easy-hide-ip | 2026-02-06 | 7.8 High |
| Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2019-25272 | 1 Tenaxsoft | 1 Cyberplanet | 2026-02-06 | 7.8 High |
| TenaxSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges. | ||||
| CVE-2019-25271 | 1 Netgate | 1 Data Backup | 2026-02-06 | 7.8 High |
| NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2019-25269 | 1 Microsoft | 1 Windows | 2026-02-06 | 7.8 High |
| Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2026-24052 | 2 Anthropic, Anthropics | 2 Claude Code, Claude Code | 2026-02-06 | 7.4 High |
| Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io); this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. This issue has been patched in version 1.0.111. | ||||
| CVE-2025-58185 | 1 Golang | 2 Encoding, Go | 2026-02-06 | 5.3 Medium |
| Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | ||||
| CVE-2026-24053 | 2 Anthropic, Anthropics | 2 Claude Code, Claude Code | 2026-02-06 | 6.5 Medium |
| Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74. | ||||