Export limit exceeded: 343363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12995 | 1 Medtronic | 1 Carelink Network | 2025-12-22 | 8.1 High |
| Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025. | ||||
| CVE-2025-12996 | 1 Medtronic | 1 Carelink Network | 2025-12-22 | 4.1 Medium |
| Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025. | ||||
| CVE-2025-12997 | 1 Medtronic | 1 Carelink Network | 2025-12-22 | 2.2 Low |
| Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025. | ||||
| CVE-2025-10352 | 1 Melistechnology | 1 Melis Platform | 2025-12-22 | N/A |
| Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'. | ||||
| CVE-2019-10648 | 1 Robocode | 1 Robocode | 2025-12-22 | N/A |
| Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | ||||
| CVE-2025-49492 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 7.4 High |
| Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-49491 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-49488 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-49490 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2011-10037 | 1 Nagios | 2 Nagios Xi, Xi | 2025-12-22 | 5.4 Medium |
| Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2025-49489 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-5072 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-4922 | 1 Hashicorp | 1 Nomad | 2025-12-22 | 8.1 High |
| Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14. | ||||
| CVE-2025-49480 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 7.4 High |
| Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2025-49481 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2025-12-22 | 5.4 Medium |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | ||||
| CVE-2024-28102 | 3 Debian, Latchset, Redhat | 4 Debian Linux, Jwcrypto, Ansible Automation Platform and 1 more | 2025-12-22 | 6.8 Medium |
| JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. | ||||
| CVE-2025-11374 | 1 Hashicorp | 1 Consul | 2025-12-22 | 6.5 Medium |
| Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12. | ||||
| CVE-2024-57004 | 1 Roundcube | 1 Webmail | 2025-12-22 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session. | ||||
| CVE-2025-11375 | 1 Hashicorp | 1 Consul | 2025-12-22 | 6.5 Medium |
| Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12. | ||||
| CVE-2025-50401 | 2 Mercurycom, Mercusys | 4 D196g, D196g Firmware, Mercury D196g and 1 more | 2025-12-22 | 9.8 Critical |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. | ||||