Total
331344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15330 | 1 Tanium | 1 Service Deploy | 2026-02-05 | 8.8 High |
| Tanium addressed an improper input validation vulnerability in Deploy. | ||||
| CVE-2025-15329 | 1 Tanium | 1 Service Threatresponse | 2026-02-05 | 4.9 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15328 | 1 Tanium | 1 Service Enforce | 2026-02-05 | 5 Medium |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. | ||||
| CVE-2025-15327 | 1 Tanium | 1 Service Deploy | 2026-02-05 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Deploy. | ||||
| CVE-2025-15326 | 1 Tanium | 1 Service Patch | 2026-02-05 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Patch. | ||||
| CVE-2025-15325 | 1 Tanium | 1 Service Discover | 2026-02-05 | 6.3 Medium |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2025-15324 | 1 Tanium | 1 Service Engage | 2026-02-05 | 6.6 Medium |
| Tanium addressed a documentation issue in Engage. | ||||
| CVE-2025-15323 | 1 Tanium | 1 Tanos | 2026-02-05 | 3.7 Low |
| Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. | ||||
| CVE-2025-15321 | 1 Tanium | 1 Tanos | 2026-02-05 | 2.7 Low |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. | ||||
| CVE-2025-15312 | 1 Tanium | 1 Tanos | 2026-02-05 | 6.6 Medium |
| Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. | ||||
| CVE-2025-15311 | 1 Tanium | 1 Tanos | 2026-02-05 | 7.8 High |
| Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. | ||||
| CVE-2025-15289 | 1 Tanium | 1 Service Interact | 2026-02-05 | 3.1 Low |
| Tanium addressed an improper access controls vulnerability in Interact. | ||||
| CVE-2020-37152 | 2026-02-05 | N/A | ||
| PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site. | ||||
| CVE-2020-37150 | 2026-02-05 | 7.5 High | ||
| Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication. | ||||
| CVE-2020-37149 | 2026-02-05 | 8.1 High | ||
| Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges. | ||||
| CVE-2020-37148 | 2026-02-05 | 3.5 Low | ||
| P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html. | ||||
| CVE-2020-37145 | 2026-02-05 | 4.3 Medium | ||
| HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges. | ||||
| CVE-2020-37144 | 2026-02-05 | 5.3 Medium | ||
| Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent. | ||||
| CVE-2020-37136 | 2026-02-05 | 7.5 High | ||
| ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files. | ||||
| CVE-2020-37132 | 2026-02-05 | 6.2 Medium | ||
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality. | ||||