Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (8886 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7012 2026-04-15 N/A
An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.
CVE-2025-70559 1 Pdfminer 1 Pdfminer.six 2026-04-15 6.5 Medium
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.
CVE-2025-8997 1 Opentext 1 Enterprise Security Manager 2026-04-15 N/A
An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
CVE-2025-9260 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to read arbitrary files. If allow_url_include is enabled on the server, remote code execution is possible. While the vendor patched this issue in version 6.1.0, the patch caused a fatal error in the vulnerable code, due to a missing class import, so we consider 6.1.2 to be the most complete and best patched version
CVE-2025-9365 1 Fujielectric 1 Frenic Loader 2026-04-15 7.8 High
Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.
CVE-2024-42407 2026-04-15 8.5 High
Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior.
CVE-2009-10005 1 Contentkeeper Technologies 1 Contentkeeper 2026-04-15 N/A
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVE-2025-24884 2026-04-15 N/A
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
CVE-2025-33213 1 Nvidia 1 Merlin Transformers4rec 2026-04-15 8.8 High
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
CVE-2025-34414 1 Entrust 1 Instant Financial Issuance 2026-04-15 N/A
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with SOAP and binary formatters configured at TypeFilterLevel=Full and exposes default ObjectURI endpoints such as logfile.rem, photo.rem, cwPhoto.rem, and reports.rem on a network-reachable remoting port. A remote, unauthenticated attacker who can reach the remoting port can invoke exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host.
CVE-2025-62363 1 Ytgrabber-tui 1 Ytgrabber-tui 2026-04-15 7.8 High
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
CVE-2021-4463 1 Shenzhen Longjing Technology 1 Bems Api 2026-04-15 N/A
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
CVE-2024-39636 1 Codesolz 1 Better Find And Replace 2026-04-15 8.3 High
Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1.
CVE-2024-55556 2026-04-15 9.8 Critical
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this vulnerability relies on an attacker obtaining Laravel's secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server.
CVE-2024-56074 2026-04-15 5.5 Medium
gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.
CVE-2025-25013 2026-04-15 6.5 Medium
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.
CVE-2025-41667 2026-04-15 8.8 High
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
CVE-2025-54923 1 Schneider-electric 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports 2026-04-15 N/A
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.
CVE-2018-25117 2 Linux, Vestacp 2 Linux, Control Panel 2026-04-15 N/A
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.
CVE-2016-15056 2 Ubee, Ubeeinteractive 2 Ubee Evw3226, Evw3226 2026-04-15 N/A
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.