Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61934 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2025-10-27 | 10 Critical |
| A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine | ||||
| CVE-2025-60023 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2025-10-27 | 4 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. | ||||
| CVE-2025-58456 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2025-10-27 | 6.8 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. | ||||
| CVE-2025-58078 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2025-10-27 | 7.5 High |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine. | ||||
| CVE-2025-55067 | 1 Veeder | 1 Tls4b Automatic Tank Gauge System | 2025-10-27 | 7.1 High |
| The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history visibility, and leak detection termination. This vulnerability could allow an attacker to manipulate the system time to trigger a denial of service (DoS) condition, leading to administrative lockout, operational timer failures, and corrupted log entries. | ||||
| CVE-2025-34156 | 1 Tibbo | 1 Aggregate | 2025-10-27 | N/A |
| Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could aid further compromise. | ||||
| CVE-2025-23332 | 2 Linux, Nvidia | 10 Linux, Display Driver, Driver and 7 more | 2025-10-27 | 5 Medium |
| NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23330 | 1 Nvidia | 1 Display Driver | 2025-10-27 | 5.5 Medium |
| NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-10937 | 1 Nanoporetech | 1 Minknow | 2025-10-27 | 5.5 Medium |
| Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorized local user or process can exploit this behavior by placing a file lock on the temporary token file using the flock system call. This prevents MinKNOW from completing the token generation process. As a result, no valid local token is created, and the software is unable to execute commands on the sequencer. This leads to a denial-of-service (DoS) condition, blocking sequencing operations. | ||||
| CVE-2025-34155 | 1 Tibbo | 1 Aggregate | 2025-10-27 | N/A |
| Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can facilitate user enumeration and increase the likelihood of targeted brute-force or credential-stuffing attacks. | ||||
| CVE-2025-6978 | 1 Arista | 1 Ng Firewall | 2025-10-27 | 7.2 High |
| Diagnostics command injection vulnerability | ||||
| CVE-2025-58429 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2025-10-27 | 7.5 High |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine. | ||||
| CVE-2025-6980 | 1 Arista | 1 Ng Firewall | 2025-10-27 | 7.5 High |
| Captive Portal can expose sensitive information | ||||
| CVE-2025-46205 | 1 Podofo Project | 1 Podofo | 2025-10-27 | 8.1 High |
| A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue. | ||||
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | 5.5 Medium |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-9341 | 1 Bouncycastle | 1 Legion-of-the-bouncy-castle-fips-java-api | 2025-10-24 | 6.2 Medium |
| Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7. | ||||
| CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30633 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 9.6 Critical |
| Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 9.6 Critical |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-21220 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||