Export limit exceeded: 334336 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334336 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53398 | 1 Portrait | 2 Dell Color Management, Dell Color Management Application | 2026-01-02 | 7.8 High |
| The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions, | ||||
| CVE-2025-53618 | 2 Grassroots Dicom Project, Malaterre | 2 Grassroots Dicom, Grassroots Dicom | 2026-01-02 | 7.4 High |
| An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data | ||||
| CVE-2025-53619 | 2 Grassroots Dicom Project, Malaterre | 2 Grassroots Dicom, Grassroots Dicom | 2026-01-02 | 7.4 High |
| An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data | ||||
| CVE-2025-67015 | 1 Comtech | 4 Cdm-625, Cdm-625 Firmware, Cdm-625a and 1 more | 2026-01-02 | 7.5 High |
| Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1. | ||||
| CVE-2025-53919 | 1 Portrait | 2 Dell Color Management, Dell Color Management Application | 2026-01-02 | 7.8 High |
| An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges. | ||||
| CVE-2025-53922 | 1 Galette | 1 Galette | 2026-01-02 | 4.9 Medium |
| Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue. | ||||
| CVE-2019-17667 | 1 Comtech | 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware | 2026-01-02 | 5.4 Medium |
| Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. | ||||
| CVE-2020-5179 | 1 Comtech | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2026-01-02 | 7.2 High |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | ||||
| CVE-2020-7242 | 1 Comtech | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2026-01-02 | 7.2 High |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | ||||
| CVE-2020-7243 | 1 Comtech | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2026-01-02 | 7.2 High |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | ||||
| CVE-2020-7244 | 1 Comtech | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2026-01-02 | 7.2 High |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | ||||
| CVE-2025-50399 | 1 Fastcom | 2 Fac1200r, Fac1200r Firmware | 2026-01-02 | 9.8 Critical |
| FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password. | ||||
| CVE-2025-50402 | 1 Fastcom | 2 Fac1200r, Fac1200r Firmware | 2026-01-02 | 9.8 Critical |
| FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. | ||||
| CVE-2025-50526 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-01-02 | 9.8 Critical |
| Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function. | ||||
| CVE-2025-50681 | 1 Pali | 1 Igmpproxy | 2026-01-02 | 7.5 High |
| igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN . | ||||
| CVE-2025-51962 | 1 Microstudio | 1 Microstudio | 2026-01-02 | 6.1 Medium |
| A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of add_project_comment function. | ||||
| CVE-2025-52196 | 1 Ctera | 2 Ctera, Portal | 2026-01-02 | 7.5 High |
| Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe. | ||||
| CVE-2025-52493 | 1 Pagerduty | 2 Runbook, Runbook Automation | 2026-01-02 | 6.5 Medium |
| PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page. | ||||
| CVE-2019-25262 | 2026-01-02 | 3.5 Low | ||
| A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 995dd89d0e3ec5522966724be23a5d58ca1bdac3. Applying a patch is advised to resolve this issue. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-52582 | 2 Grassroots Dicom Project, Malaterre | 2 Grassroots Dicom, Grassroots Dicom | 2026-01-02 | 7.4 High |
| An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||