Export limit exceeded: 80808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-43120 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails after the new umem is allocated, it releases the umem, but does not set iwmr->region to NULL. The problem is that this failure is propagated to the user, who will then call ibv_dereg_mr (as they should). Then, the dereg_mr path will see a non-NULL umem and attempt to call ib_umem_release again. Fix this by setting iwmr->region to NULL after ib_umem_release. Fixed: 5ac388db27c4 ("RDMA/irdma: Add support to re-register a memory region") | ||||
| CVE-2025-65418 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.5 High |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url. | ||||
| CVE-2026-45214 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Elementor Addons | 2026-05-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1. | ||||
| CVE-2026-43138 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle. | ||||
| CVE-2026-43134 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 8.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE. | ||||
| CVE-2025-67486 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2026-05-12 | 7.2 High |
| Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization, allowing authenticated administrators to execute arbitrary PHP code on the server. As of time of publication, no patched versions are available. | ||||
| CVE-2025-15620 | 1 Belden | 1 Hirschmann Hios Switch Platform | 2026-05-12 | 8.6 High |
| HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch. | ||||
| CVE-2024-14033 | 1 Belden | 1 Hirschmann Eaglesdv | 2026-05-12 | 7.5 High |
| Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled. | ||||
| CVE-2023-7343 | 1 Belden | 1 Hirschmann Industrial Hivision | 2026-05-12 | 7.8 High |
| HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device. | ||||
| CVE-2023-53889 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-05-12 | 7.2 High |
| Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server. | ||||
| CVE-2023-53888 | 2 Zomp, Zomplog | 2 Zomplog, Zomplog | 2026-05-12 | 8.8 High |
| Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application. | ||||
| CVE-2023-53886 | 1 Xlightftpd | 1 Xlight Ftp Server | 2026-05-12 | 7.5 High |
| Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition. | ||||
| CVE-2023-53885 | 1 Webutler | 1 Webutler | 2026-05-12 | 7.2 High |
| Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file. | ||||
| CVE-2023-53883 | 1 Webedition | 1 Webedition Cms | 2026-05-12 | 7.2 High |
| Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server. | ||||
| CVE-2022-4987 | 1 Belden | 1 Hirschmann Industrial Hivision | 2026-05-12 | 7.3 High |
| Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application. | ||||
| CVE-2022-4986 | 1 Belden | 1 Hirschmann Eaglesdv | 2026-05-12 | 7.5 High |
| Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability. | ||||
| CVE-2020-37015 | 1 Ruijienetworks | 1 Switch Eweb S29 Rgos | 2026-05-12 | 7.5 High |
| Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system configuration files containing credentials and network settings. | ||||
| CVE-2020-37013 | 1 Tucows | 1 Audio Playback Recorder | 2026-05-12 | 8.4 High |
| Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields. | ||||
| CVE-2020-37011 | 1 Gnome | 2 Fonts Viewer, Gnome-font-viewer | 2026-05-12 | 7.5 High |
| Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process. | ||||
| CVE-2020-37008 | 1 Elektraweb | 1 Easypms | 2026-05-12 | 7.5 High |
| EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication. | ||||