Search
Search Results (329883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2026-01-24 | 9.8 Critical |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
| CVE-2026-24649 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24648 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24647 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24646 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24645 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24644 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24643 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24642 | 2026-01-24 | N/A | ||
| Not used | ||||
| CVE-2026-24402 | 2026-01-24 | N/A | ||
| GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment): > 4.2.6 CNAs SHOULD assign different CVE IDs to separate Vulnerabilities, as determined using the guidance in [4.1](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination). > 4.2.11 CNAs SHOULD assign different CVE IDs to different, Independently Fixable Vulnerabilities. You can move forward in one of two ways: - If you agree that this Security Advisory concerns more than one independently fixable vulnerability, split each vulnerability into its own advisory and request one CVE for each vulnerability. - If you do not agree that these vulnerabilities are independently fixable, resubmit the CVE request with a section clarifying how they are dependent and should have the same CVE. Thank you for making the open source ecosystem more secure by fixing and responsibly disclosing these vulnerabilities. | ||||
| CVE-2026-0991 | 2026-01-23 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-12780 | 2026-01-23 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-0103 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 8.8 High |
| An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | ||||
| CVE-2025-0104 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft. | ||||
| CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2026-01-23 | 5.5 Medium |
| libuser has information disclosure when moving user's home directory | ||||
| CVE-2025-0105 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 9.1 Critical |
| An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. | ||||
| CVE-2025-0106 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 5.3 Medium |
| A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. | ||||
| CVE-2025-0107 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 9.8 Critical |
| An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. | ||||
| CVE-2025-30025 | 1 Axis | 2 Camera Station Pro, Device Manager | 2026-01-23 | 7.8 High |
| The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | ||||
| CVE-2025-30024 | 1 Axis | 1 Device Manager | 2026-01-23 | 6.8 Medium |
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | ||||