Export limit exceeded: 344013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36125 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2025-12-19 | 6.4 Medium |
| IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-10220 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | 9.8 Critical |
| Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others. | ||||
| CVE-2025-10221 | 2 Axxonsoft, Microsoft | 2 Axxon One, Windows | 2025-12-19 | 5.5 Medium |
| Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | ||||
| CVE-2025-40602 | 1 Sonicwall | 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more | 2025-12-19 | 6.6 Medium |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | ||||
| CVE-2025-10226 | 3 Axxonsoft, Linux, Microsoft | 4 Axxon One, Linux, Linux Kernel and 1 more | 2025-12-19 | 9.8 Critical |
| Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | ||||
| CVE-2025-10227 | 3 Axxonsoft, Linux, Microsoft | 4 Axxon One, Linux, Linux Kernel and 1 more | 2025-12-19 | 4.6 Medium |
| Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | ||||
| CVE-2025-36035 | 1 Ibm | 24 Power9 System Firmware, Power System E1050 \(9043-mrx\), Power System E1080 \(9080-hex\) and 21 more | 2025-12-19 | 6.7 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources. | ||||
| CVE-2025-35436 | 1 Cisa | 1 Thorium | 2025-12-19 | 5.3 Medium |
| CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27. | ||||
| CVE-2025-35041 | 2 Airship.ai, Airship Ai | 2 Acropolis, Acropolis | 2025-12-19 | 7.5 High |
| Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9. | ||||
| CVE-2025-35042 | 2 Airship.ai, Airship Ai | 2 Acropolis, Acropolis | 2025-12-19 | 9.8 Critical |
| Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9. | ||||
| CVE-2024-4029 | 1 Redhat | 7 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 4 more | 2025-12-19 | 4.1 Medium |
| A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections. | ||||
| CVE-2025-10729 | 1 Qt | 1 Qt | 2025-12-19 | 8.6 High |
| The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | ||||
| CVE-2025-68491 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68490 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68489 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68488 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68487 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68486 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68485 | 2025-12-19 | N/A | ||
| Not used | ||||
| CVE-2025-68484 | 2025-12-19 | N/A | ||
| Not used | ||||