Total: 331675 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54942 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. | |||||
| CVE-2025-54946 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2025-54945 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | N/A | 9.8 CRITICAL |
| An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | |||||
| CVE-2025-54944 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | |||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2026-01-30 | N/A | 9.8 CRITICAL |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | |||||
| CVE-2025-31342 | | | 2026-01-30 | N/A | N/A |
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through version 1.3 allows remote authenticated users to execute arbitrary system commands via a malicious file. | |||||
| CVE-2025-67158 | 1 Revotech | 2 I6032w-fhw, I6032w-fhw Firmware | 2026-01-30 | N/A | 7.5 HIGH |
| An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. | |||||
| CVE-2025-67159 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | N/A | 7.5 HIGH |
| Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext. | |||||
| CVE-2025-67160 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | N/A | 7.5 HIGH |
| An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal. | |||||
| CVE-2026-0618 | 1 Ironmansoftware | 1 Powershell Universal | 2026-01-30 | N/A | 6.1 MEDIUM |
| Cross-site Scripting vulnerability in Devolutions PowerShell Universal. This issue affects PowerShell Universal: before 4.5.6, before 5.6.13. | |||||
| CVE-2025-61492 | 1 Gongrzhe | 1 Terminal-controller-mcp | 2026-01-30 | N/A | 10.0 CRITICAL |
| A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2025-65328 | 1 Mega-fence Project | 1 Mega-fence | 2026-01-30 | N/A | 6.5 MEDIUM |
| Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). In deployments that rely on this value for IP allowlists, those allowlists may be bypassed. | |||||
| CVE-2025-67303 | 1 Comfy | 1 Comfyui-manager | 2026-01-30 | N/A | 7.5 HIGH |
| An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface. | |||||
| CVE-2025-67315 | 1 Phpgurukul | 1 Employee Leave Management System | 2026-01-30 | N/A | 5.4 MEDIUM |
| Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component. | |||||
| CVE-2025-52519 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-30 | N/A | 7.1 HIGH |
| An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. | |||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-30 | N/A | 7.8 HIGH |
| An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | |||||
| CVE-2025-67316 | 1 Heytap | 1 Internet Browser | 2026-01-30 | N/A | 5.4 MEDIUM |
| An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. | |||||
| CVE-2026-21633 | 1 Ui | 1 Unifi Protect | 2026-01-30 | N/A | 8.8 HIGH |
| A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | |||||
| CVE-2026-21634 | 1 Ui | 1 Unifi Protect | 2026-01-30 | N/A | 6.5 MEDIUM |
| A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol, causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | |||||
| CVE-2026-21635 | 1 Ui | 2 Unifi Connect Ev Station Lite, Unifi Connect Ev Station Lite Firmware | 2026-01-30 | N/A | 5.3 MEDIUM |
| An improper access control vulnerability could allow a malicious actor within Wi-Fi range of the EV Station Lite (v1.5.2 and earlier) to use the WiFi AutoLink feature on a device that was only adopted via Ethernet. | |||||
