Search Results (329322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15063 | | | 2026-01-23 | N/A |
| Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27683. | ||||
| CVE-2025-15062 | | | 2026-01-23 | N/A |
| Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27769. | ||||
| CVE-2025-15061 | | | 2026-01-23 | N/A |
| Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Framelink Figma MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fetchWithRetry method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27877. | ||||
| CVE-2025-15059 | | | 2026-01-23 | N/A |
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232. | ||||
| CVE-2025-11002 | | | 2026-01-23 | N/A |
| 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743. | ||||
| CVE-2025-3839 | | | 2026-01-23 | 8 High |
| A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior. | ||||
| CVE-2026-24334 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24335 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24336 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24337 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24338 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24339 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24340 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24341 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2026-24342 | | | 2026-01-23 | N/A |
| Not used | ||||
| CVE-2023-31228 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||
| CVE-2025-54834 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | 5.3 Medium |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place. | ||||
| CVE-2025-54833 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | 5.3 Medium |
| OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords. | ||||
| CVE-2025-54832 | 1 Opexustech | 1 Foiaxpress Public Access Link | 2026-01-23 | 4.3 Medium |
| OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. | ||||
| CVE-2023-53890 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-01-23 | 5.4 Medium |
| Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks. | ||||