Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,215
Quick preset (or use dates below)
Clear Filters
Showing 14,761 - 14,780 of 14,834 CVEs
CVE-2025-49088 MEDIUM - 5.9

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-68919 MEDIUM - 5.6

Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and avail...

Published: Dec 24, 2025
Source: NVD
CVE-2025-68917 MEDIUM - 6.4

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68915 MEDIUM - 4.8

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.

Vendor: riello-ups
Product: netman_208
Published: Dec 24, 2025
Source: NVD
CVE-2025-68914 MEDIUM - 5.3

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.

Vendor: riello-ups
Product: netman_208
Published: Dec 24, 2025
Source: NVD
CVE-2019-25257 MEDIUM - 6.5

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25256 MEDIUM - 6.5

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by man...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25255 MEDIUM - 4.3

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system a...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25252 MEDIUM - 4.3

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administra...

Vendor: teradek
Product: vidiu_pro_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2019-25251 MEDIUM - 6.5

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trig...

Vendor: teradek
Product: vidiu_pro_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2019-25250 MEDIUM - 5.3

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL ac...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25247 MEDIUM - 5.3

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into sub...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25244 MEDIUM - 5.3

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unva...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25242 MEDIUM - 4.3

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tri...

Vendor: iwt
Product: facesentry_access_control_system_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2019-25238 MEDIUM - 4.3

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administr...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25234 MEDIUM - 5.3

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts...

Published: Dec 24, 2025
Source: NVD
CVE-2019-25233 MEDIUM - 5.3

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessio...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25156 MEDIUM - 4.3

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration ...

Vendor: teradek
Product: cube_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2018-25155 MEDIUM - 4.3

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits...

Vendor: teradek
Product: slice_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2018-25152 MEDIUM - 5.3

Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl_web.cgi/util_configlogin_act endpoint to add...

Published: Dec 24, 2025
Source: NVD