Search Results (338131 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13905 | 1 Schneider-electric | 2 Ecostruxure Process Expert, Ecostruxure Process Expert For Aveva System Platform | 2026-01-30 | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | ||||
| CVE-2026-0936 | 1 Br-automation | 1 Process Visualization Interface | 2026-01-30 | 5 Medium |
| An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disabled by default and must be explicitly enabled by the user. | ||||
| CVE-2025-13919 | 2 Broadcom, Symantec | 2 Symantec Endpoint Protection, Endpoint Protection | 2026-01-30 | 4.4 Medium |
| Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | ||||
| CVE-2026-25097 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25096 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25095 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25094 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25093 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25092 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25091 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25090 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2025-54942 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. | ||||
| CVE-2023-4822 | 2 Grafana, Redhat | 3 Grafana, Grafana Enterprise, Ceph Storage | 2026-01-30 | 6.7 Medium |
| Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. | ||||
| CVE-2025-54946 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2025-54945 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | ||||
| CVE-2025-54944 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | ||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | ||||
| CVE-2025-31342 | 1 Galaxy Software Services Corporation | 1 Vitals Esp | 2026-01-30 | N/A |
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file. | ||||
| CVE-2025-67158 | 1 Revotech | 2 I6032w-fhw, I6032w-fhw Firmware | 2026-01-30 | 7.5 High |
| An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. | ||||
| CVE-2025-67159 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | 7.5 High |
| Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext. | ||||