Export limit exceeded: 355047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12594 | 1 Reliablecontrols | 2 Mach-prowebcom, Mach-prowebcom Firmware | 2026-06-02 | 7.5 High |
| Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field. | ||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2026-06-02 | 5.9 Medium |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | ||||
| CVE-2015-0987 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2026-06-02 | 10 Critical |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | ||||
| CVE-2026-5076 | 2026-06-02 | 9.8 Critical | ||
| The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. | ||||
| CVE-2026-5074 | 2026-06-02 | 6.5 Medium | ||
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into the ORDER BY clause of an SQL query without a whitelist check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note: The vulnerability can only be exploited if the "User Private Content" addon is enabled, which is disabled by default.. | ||||
| CVE-2026-5073 | 2026-06-02 | 7.5 High | ||
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of sufficient preparation on the existing SQL query in the `arm_get_directory_members()` function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-48520 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash | ||||
| CVE-2025-52540 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation. | ||||
| CVE-2025-48513 | 1 Amd | 6 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 3 more | 2026-06-02 | N/A |
| Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability. | ||||
| CVE-2025-29936 | 1 Amd | 7 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 4 more | 2026-06-02 | N/A |
| Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality. | ||||
| CVE-2025-0028 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2025-29937 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | ||||
| CVE-2025-29944 | 1 Amd | 14 Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Mobile Processors With Radeon Graphics, Ryzen 4000 Series Mobile Processors With Radeon Graphics and 11 more | 2026-06-02 | N/A |
| A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash | ||||
| CVE-2025-29935 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability. | ||||
| CVE-2024-21962 | 1 Amd | 26 Athlon 3000 Series Mobile Processors With Radeon Graphics, Epyc 4004 Series Processors, Epyc 4005 Series Processors and 23 more | 2026-06-02 | N/A |
| Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | ||||
| CVE-2021-26380 | 1 Amd | 27 Athlon 3000 Series Mobile Processors With Radeon Graphics, Radeon Instinct Mi25, Radeon Pro V520 and 24 more | 2026-06-02 | N/A |
| A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. | ||||
| CVE-2022-23826 | 1 Amd | 19 Athlon 3000 Series Mobile Processors With Radeon Graphics, Instinct Mi210, Instinct Mi250 and 16 more | 2026-06-02 | N/A |
| A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. | ||||
| CVE-2023-31316 | 1 Amd | 18 Instinct Mi210, Instinct Mi250, Radeon Pro V620 and 15 more | 2026-06-02 | N/A |
| Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability. | ||||
| CVE-2025-48516 | 1 Amd | 31 Amd Ryzen Ai 300 Series Processors, Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Desktop Processors and 28 more | 2026-06-02 | N/A |
| Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module. | ||||
| CVE-2026-37220 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message. | ||||