17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 13051-13100 of 17282 CVEs Page 262 of 346
CVE-2025-4319
Analyzed
9.4
Unknown Multiple Products

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Softwa...

2026-01-24
CVE-2025-43189
Analyzed
9.8
Apple Multiple Products

This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to...

2025-07-31
CVE-2025-43188
7.8
Unknown Multiple Products

A permissions issue was addressed with additional restrictions

2025-07-31
CVE-2025-43187
Analyzed
7.8
Unknown Multiple Products

This issue was addressed by removing the vulnerable code

2025-08-29
CVE-2025-43186
Analyzed
9.8
Apple Multiple Products

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, m...

2025-07-30
CVE-2025-43184
Analyzed
9.8
Apple Multiple Products

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequ...

2025-07-31
CVE-2025-43027
Analyzed
9.8
Unknown Multiple Products

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative ac...

2025-10-30
CVE-2025-42976
8.1
SAP Multiple Products

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document applic...

2025-08-12
CVE-2025-42967
Analyzed
9.9
SAP Multiple Products

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to crea...

2025-07-08
CVE-2025-42959
8.1
Unknown Multiple Products

An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing speci...

2025-07-10
CVE-2025-42958
Analyzed
9.1
IBM Multiple Products

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to r...

2025-09-09
CVE-2025-42957
Analyzed
9.9
SAP Multiple Products

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection...

2025-08-12
CVE-2025-42953
8.1
SAP Multiple Products

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges

2025-07-10
CVE-2025-42951
Analyzed
8.8
SAP Multiple Products

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the co...

2025-08-12
CVE-2025-42950
Analyzed
9.9
SAP Multiple Products

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This fla...

2025-08-12
CVE-2025-42944
Analyzed
10
SAP Multiple Products

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting...

2025-09-09
CVE-2025-42940
7.5
SAP Multiple Products

SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN

2025-11-13
CVE-2025-42937
Analyzed
9.8
SAP Multiple Products

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to th...

2025-10-14
CVE-2025-42933
8.8
SAP Multiple Products

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs

2025-09-09
CVE-2025-42929
8.1
Unknown Multiple Products

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the...

2025-09-09
CVE-2025-42928
Analyzed
9.1
SAP Multiple Products

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The sy...

2025-12-10
CVE-2025-42922
Analyzed
9.9
SAP Multiple Products

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file....

2025-09-09
CVE-2025-42916
8.1
Unknown Multiple Products

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the...

2025-09-09
CVE-2025-42910
Analyzed
9
SAP Multiple Products

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files....

2025-10-14
CVE-2025-42880
Analyzed
9.9
SAP Multiple Products

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function...

2025-12-10
CVE-2025-42878
8.2
SAP Multiple Products

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production

2025-12-10
CVE-2025-42877
7.5
SAP Multiple Products

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to...

2025-12-11
CVE-2025-42874
7.9
SAP Multiple Products

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system...

2025-12-10
CVE-2025-4285
Analyzed
10
Unknown Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows...

2025-07-24
CVE-2025-4277
7.5
Unknown Multiple Products

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level

2025-08-14
CVE-2025-4276
7.5
UsbCoreDxe Multiple Products

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level

2025-08-14
CVE-2025-4212
Analyzed
7.2
WordPress Multiple Products

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, an...

2025-11-19
CVE-2025-41772
Analyzed
7.5
Unknown wwwupdate Service

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate

2026-03-10
CVE-2025-41767
7.2
Unknown Multiple Products

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate

2026-03-10
CVE-2025-41766
Analyzed
8.8
Unknown wwwubr Service

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in f...

2026-03-10
CVE-2025-41765
Analyzed
9.1
Unknown wwwupload.cgi Service

Insufficient authorization in the wwwupload.cgi endpoint allows unauthenticated attackers to upload arbitrary data, including system backups, HTTPS ce...

2026-03-10
CVE-2025-41764
Analyzed
9.1
Unknown wwwupdate.cgi Service

An authorization bypass in the wwwupdate.cgi endpoint allows unauthenticated remote attackers to upload and execute arbitrary updates, potentially lea...

2026-03-10
CVE-2025-41761
Analyzed
7.8
Microsoft Windows (UBR Service)

A low‑privileged local attacker who gains access to the UBR service account (e

2026-03-10
CVE-2025-41758
8.8
Unknown Multiple Products

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload

2026-03-10
CVE-2025-41757
8.8
Arch Multiple Products

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not vali...

2026-03-10
CVE-2025-41756
Analyzed
8.1
Unknown wwwubr Service

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr

2026-03-10
CVE-2025-41744
Analyzed
9.1
Sprecher Automations Multiple Products

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communication...

2025-12-04
CVE-2025-41742
Analyzed
9.8
Sprecher Automations Multiple Products

Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys...

2025-12-04
CVE-2025-41738
Analyzed
7.5
Unknown Multiple Products

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wro...

2025-12-02
CVE-2025-41737
Analyzed
7.5
HP Multiple Products

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules

2025-11-19
CVE-2025-41736
Analyzed
8.8
HP Multiple Products

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resul...

2025-11-19
CVE-2025-41735
8.8
Unknown Multiple Products

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution

2025-11-19
CVE-2025-41734
Analyzed
9.8
HP Multiple Products

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

2025-11-19
CVE-2025-41733
Analyzed
9.8
Unknown Multiple Products

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can constr...

2025-11-19
CVE-2025-41732
8.8
Unknown Multiple Products

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buff...

2025-12-11