Export limit exceeded: 324322 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (324322 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25484 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input (source) is in Commerce (Product Type settings), but the sink is in CMS user permissions settings. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-25485 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories (Name & Description) fields in the Store Management section are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-24926 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 8.4 High |
| Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24923 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 6.3 Medium |
| Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-25489 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-25490 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in Inventory Locations is not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2026-24919 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6 Medium |
| Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24918 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6.8 Medium |
| Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-25483 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 5.4 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions (which do not require an elevated session), an attacker can exfiltrate the entire database, including all user credentials, customer PII, order history, and 2FA recovery codes. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-24915 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 6.2 Medium |
| Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-24914 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 4 Medium |
| Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-15328 | 2 Enforce, Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 5 Medium |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. | ||||
| CVE-2026-0949 | 1 Enterprisedb | 1 Postgres Enterprise Manager | 2026-02-10 | 6.5 Medium |
| PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the Manage Charts menu. | ||||
| CVE-2026-0863 | 1 N8n | 1 N8n | 2026-02-10 | 8.5 High |
| Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact. | ||||
| CVE-2025-15335 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15334 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15340 | 1 Tanium | 2 Comply, Service Comply | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Comply. | ||||
| CVE-2025-15338 | 1 Tanium | 2 Partner Integration, Service Partnerintegration | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | ||||