Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,377
Quick preset (or use dates below)
Clear Filters
Showing 14,341 - 14,360 of 14,425 CVEs
CVE-2025-48704 HIGH - 7.5

Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-32096 HIGH - 7.5

Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-32095 HIGH - 7.5

Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-15076 HIGH - 7.3

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Vendor: tenda
Product: ch22_firmware
Published: Dec 25, 2025
Source: NVD
CVE-2025-68922 HIGH - 7.4

OpenOps before 0.6.11 allows remote code execution in the Terraform block.

Published: Dec 25, 2025
Source: NVD
CVE-2025-68920 HIGH - 8.9

C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68916 HIGH - 7.2

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.

Vendor: riello-ups
Product: netman_208
Published: Dec 24, 2025
Source: NVD
CVE-2025-3232 HIGH - 7.5

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.

Published: Dec 24, 2025
Source: NVD
CVE-2019-25258 HIGH - 7.5

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convert...

Vendor: logicaldoc
Product: logicaldoc
Published: Dec 24, 2025
Source: NVD
CVE-2019-25254 HIGH - 8.8

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a ...

Vendor: kyocera
Product: net_admin
Published: Dec 24, 2025
Source: NVD
CVE-2019-25253 HIGH - 7.5

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration...

Vendor: kyocera
Product: net_admin
Published: Dec 24, 2025
Source: NVD
CVE-2019-25248 HIGH - 7.5

Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.

Published: Dec 24, 2025
Source: NVD
CVE-2019-25246 HIGH - 8.8

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and ...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25245 HIGH - 8.8

Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoa...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25243 HIGH - 8.8

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strI...

Vendor: iwt
Product: facesentry_access_control_system_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2019-25239 HIGH - 7.5

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentia...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25148 HIGH - 8.8

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, in...

Vendor: microhardcorp
Product: ipn4g_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2018-25147 HIGH - 7.5

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Published: Dec 24, 2025
Source: NVD
CVE-2018-25143 HIGH - 8.8

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands ...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25141 HIGH - 7.5

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authenti...

Published: Dec 24, 2025
Source: NVD