Search Results (330294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7195 | 1 Redhat | 13 Acm, Advanced Cluster Security, Apicurio Registry and 10 more | 2026-01-30 | 5.2 Medium |
| Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-12899 | | | 2026-01-30 | 6.5 Medium |
| A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential information-leak vulnerability in the networking subsystem. | ||||
| CVE-2026-0805 | | | 2026-01-30 | 8.2 High |
| An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. | ||||
| CVE-2026-0963 | | | 2026-01-30 | 9.9 Critical |
| An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. | ||||
| CVE-2026-1680 | | | 2026-01-30 | N/A |
| Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions. | ||||
| CVE-2026-25097 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25096 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25095 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25094 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25093 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25092 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25091 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-25090 | | | 2026-01-30 | N/A |
| Not used | ||||
| CVE-2026-24729 | | | 2026-01-30 | N/A |
| An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file. | ||||
| CVE-2026-24728 | | | 2026-01-30 | N/A |
| A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication. | ||||
| CVE-2026-24714 | | | 2026-01-30 | N/A |
| Some end-of-service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate the telnet service on the box. | ||||
| CVE-2025-54942 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | 9.8 Critical |
| A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. | ||||
| CVE-2026-1340 | | | 2026-01-30 | 9.8 Critical |
| A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2026-1281 | | | 2026-01-30 | 9.8 Critical |
| A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2026-1457 | | | 2026-01-30 | N/A |
| An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges. | ||||