Export limit exceeded: 362833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45905 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50821 1 Siemens 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime Professional 2026-04-15 6.2 Medium
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition.
CVE-2024-9448 1 Arista 1 Eos 2026-04-15 7.5 High
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
CVE-2023-50734 2026-04-15 9 Critical
A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
CVE-2025-0325 2026-04-15 4.3 Medium
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
CVE-2023-50736 2026-04-15 9 Critical
A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50434 2026-04-15 9.8 Critical
emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.
CVE-2025-55051 2026-04-15 10 Critical
CWE-1392: Use of Default Credentials
CVE-2025-55050 2026-04-15 9.8 Critical
CWE-1242: Inclusion of Undocumented Features
CVE-2025-0425 2026-04-15 N/A
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient".  This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
CVE-2024-50944 1 Simplcommerce 1 Simplcommerce 2026-04-15 9.8 Critical
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
CVE-2024-8772 2026-04-15 4.3 Medium
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2023-49618 2026-04-15 7.5 High
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-5484 2026-04-15 8.3 High
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.
CVE-2023-48906 2026-04-15 4.3 Medium
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.
CVE-2025-4207 1 Postgresql 1 Postgresql 2026-04-15 5.9 Medium
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
CVE-2025-41729 2026-04-15 7.5 High
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
CVE-2025-41728 1 Beckhoff 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more 2026-04-15 5.3 Medium
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
CVE-2025-41726 1 Beckhoff 4 Beckhoff.device.manager.xar, Mdp Package, Twincat and 1 more 2026-04-15 8.8 High
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
CVE-2025-41426 2026-04-15 9.8 Critical
Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device.
CVE-2025-41418 2026-04-15 5.3 Medium
Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.