Search
Search Results (330290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7195 | 1 Redhat | 13 Acm, Advanced Cluster Security, Apicurio Registry and 10 more | 2026-01-30 | 5.2 Medium |
| Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-54946 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2025-54945 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | ||||
| CVE-2025-54944 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | ||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | ||||
| CVE-2025-31342 | 1 Galaxy Software Services Corporation | 1 Vitals Esp | 2026-01-30 | N/A |
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file. | ||||
| CVE-2026-25090 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25091 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25092 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25093 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25094 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25095 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25096 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-25097 | 2026-01-30 | N/A | ||
| Not used | ||||
| CVE-2026-24714 | 2026-01-30 | N/A | ||
| Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. | ||||
| CVE-2026-24729 | 2026-01-30 | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file. | ||||
| CVE-2026-24728 | 2026-01-30 | N/A | ||
| A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication. | ||||
| CVE-2026-20960 | 1 Microsoft | 1 Power Apps Desktop Client | 2026-01-30 | 8 High |
| Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-20831 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-30 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21509 | 1 Microsoft | 7 365 Apps, Office, Office 2016 and 4 more | 2026-01-30 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. | ||||