Search Results (325344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37200 | 1 Nsasoft | 2 Netsharewatcher, Nsauditor Netsharewatcher | 2026-02-17 | 7.5 High |
| NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. | ||||
| CVE-2021-47723 | 1 Stvs | 1 Provision | 2026-02-17 | 8.8 High |
| STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users. | ||||
| CVE-2026-24490 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2026-02-17 | 8.1 High |
| MobSF is a mobile application security testing tool. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The `android:host` attribute from `<data android:scheme="android_secret_code">` elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover. Version 4.4.5 fixes the issue. | ||||
| CVE-2020-37201 | 1 Nsasoft | 2 Netsharewatcher, Nsauditor Netsharewatcher | 2026-02-17 | 7.5 High |
| NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. | ||||
| CVE-2026-1361 | 2 Delta Electronics, Deltaww | 2 Asdasoft, Asda Soft | 2026-02-17 | 7.8 High |
| ASDA-Soft Stack-based Buffer Overflow Vulnerability | ||||
| CVE-2026-26020 | 2 Agpt, Significant-gravitas | 2 Autogpt Platform, Autogpt | 2026-02-17 | 8.8 High |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server by embedding a disabled block inside a graph. The BlockInstallationBlock — a development tool capable of writing and importing arbitrary Python code — was marked disabled=True, but graph validation did not enforce this flag. This allowed any authenticated user to bypass the restriction by including the block as a node in a graph, rather than calling the block's execution endpoint directly (which did enforce the flag). This vulnerability is fixed in 0.6.48. | ||||
| CVE-2026-24793 | 1 Azerothcore | 2 Azerothcore, Wotlk | 2026-02-17 | 9.8 Critical |
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0. | ||||
| CVE-2024-8499 | 1 Themehigh | 1 Checkout Field Editor For Woocommerce | 2026-02-17 | 4.7 Medium |
| The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2021-41773 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2026-02-17 | 7.5 High |
| A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | ||||
| CVE-2025-64097 | 1 Nerves-hub | 2 Nerves Hub Web, Nerveshub | 2026-02-17 | 9.8 Critical |
| NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens. Tokens included user-identifiable components and were not cryptographically secure, making them susceptible to guessing or enumeration. The vulnerability could have allowed unauthorized access to user accounts or API actions protected by these tokens. A fix is available in version 2.3.0 of NervesHub. This version introduces strong, cryptographically-random tokens using `:crypto.strong_rand_bytes/1`, hashing of tokens before database storage to prevent misuse even if the database is compromised, and context-aware token storage to distinguish between session and API tokens. There are no practical workarounds for this issue other than upgrading. In sensitive environments, as a temporary mitigation, firewalling access to the NervesHub server can help limit exposure until an upgrade is possible. | ||||
| CVE-2024-11831 | 1 Redhat | 34 Acm, Advanced Cluster Security, Ansible Automation Platform and 31 more | 2026-02-17 | 5.4 Medium |
| A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package. | ||||
| CVE-2026-1331 | 1 Hamastar | 2 Meetinghub, Meetinghub Paperless Meetings | 2026-02-17 | 9.8 Critical |
| MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-1330 | 1 Hamastar | 2 Meetinghub, Meetinghub Paperless Meetings | 2026-02-17 | 7.5 High |
| MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | ||||
| CVE-2024-12104 | 1 Atarim | 1 Atarim | 2026-02-17 | 5.3 Medium |
| The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files. | ||||
| CVE-2026-20676 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-02-17 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions. | ||||
| CVE-2026-1761 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more | 2026-02-17 | 8.6 High |
| A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction. | ||||
| CVE-2026-1358 | 1 Airleader | 1 Airleader Master | 2026-02-17 | 9.8 Critical |
| Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server. | ||||
| CVE-2025-63354 | 2 Hitron, Hitrontech | 3 Hi3120, Hi3120, Hi3120 Firmware | 2026-02-17 | 4.8 Medium |
| Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. | ||||
| CVE-2026-1332 | 1 Hamastar | 2 Meetinghub, Meetinghub Paperless Meetings | 2026-02-17 | 5.3 Medium |
| MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information. | ||||
| CVE-2024-23480 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 7.5 High |
| A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on macOS prior to 4.2. | ||||