Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47713 | 1 Hasura | 1 Graphql Engine | 2025-12-26 | 7.5 High |
| Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint. | ||||
| CVE-2023-53970 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | ||||
| CVE-2023-53969 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | ||||
| CVE-2023-53967 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | ||||
| CVE-2023-53968 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600\/c, Sft Dab 600\/c Firmware | 2025-12-26 | 9.8 Critical |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | ||||
| CVE-2023-7328 | 2 Db Elettronica, Dbbroadcast | 4 Screen Sft Dab 600c, Sft Dab 600/c, Sft Dab 600\/c and 1 more | 2025-12-26 | 5.3 Medium |
| Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2005-10004 | 1 Cacti | 1 Cacti | 2025-12-26 | 8.8 High |
| Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. | ||||
| CVE-2025-43348 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-26 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-53974 | 2 D-link, Dlink | 3 Dsl-124, Dsl-124, Dsl-124 Firmware | 2025-12-26 | 7.5 High |
| D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations. | ||||
| CVE-2025-56086 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-56085 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-ew300 Pro and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2025-56087 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua. | ||||
| CVE-2025-56107 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua. | ||||
| CVE-2025-56096 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua. | ||||
| CVE-2025-56082 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua. | ||||
| CVE-2025-56077 | 2 Ruijie, Ruijienetworks | 6 Rg-eap162\(g\), Rg-rap1260, Rg-rap2200(e) and 3 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2025-56079 | 1 Ruijie | 4 Be50, Be50 Firmware, Rg-ew1300g and 1 more | 2025-12-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-13489 | 1 Ibm | 2 Devops Deploy, Ucd Ibm Devops Deploy | 2025-12-26 | 5.9 Medium |
| IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-14820 | 2025-12-25 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||