Export limit exceeded: 334325 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334325 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40678 | 1 Summar | 1 Portal Del Empleado | 2025-09-19 | N/A |
| Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntf_absentismo.aspx”. | ||||
| CVE-2024-25011 | 1 Ericsson | 2 Catalog Manager, Order Care | 2025-09-19 | 5.3 Medium |
| Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue. | ||||
| CVE-2025-10207 | 1 Abb | 1 Flxeon | 2025-09-19 | 7.2 High |
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. | ||||
| CVE-2025-40677 | 1 Summar | 1 Portal Del Empleado | 2025-09-19 | N/A |
| SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”. | ||||
| CVE-2024-48851 | 1 Abb | 1 Flxeon | 2025-09-19 | 7.2 High |
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5. | ||||
| CVE-2025-2404 | 1 Ubit | 1 Stoys | 2025-09-19 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS).This issue affects STOYS: from 2 before 20250916. | ||||
| CVE-2024-9137 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9004 and 4 more | 2025-09-19 | 9.4 Critical |
| The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | ||||
| CVE-2025-23337 | 1 Nvidia | 6 Dgx, Dgx Gb200, Hgc and 3 more | 2025-09-19 | 6.7 Medium |
| NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-59678 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59677 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59676 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59675 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59674 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59673 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59672 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59671 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2025-59670 | 2025-09-19 | N/A | ||
| Not used | ||||
| CVE-2023-6943 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2025-09-19 | 9.8 Critical |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | ||||
| CVE-2023-6942 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2025-09-19 | 7.5 High |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally. | ||||
| CVE-2025-5023 | 2025-09-19 | 7.1 High | ||
| Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to disclose information such as generated power and electricity sold back to the grid stored in the product, tamper with or destroy stored or configured information in the product, or cause a Denial-of-Service (DoS) condition on the product, by using hardcoded user ID and password common to the product series obtained by exploiting CVE-2025-5022. The affected products discontinued in 2015, support ended in 2020. | ||||