Export limit exceeded: 330302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22549 | 3 F5, Kubernetes, Redhat | 3 Big-ip Container Ingress Services, Kubernetes, Openshift | 2026-02-13 | 4.9 Medium |
| A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-22548 | 1 F5 | 3 Big-ip, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2026-02-13 | 5.9 Medium |
| When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-20732 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-13 | 3.1 Low |
| A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-26021 | 2 Ahdinosaur, Set-in Project | 2 Set-in, Set-in | 2026-02-13 | 9.8 Critical |
| set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5. | ||||
| CVE-2026-26226 | 1 Lukilabs | 1 Beautiful-mermaid | 2026-02-13 | N/A |
| beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping, allowing crafted input to break out of an attribute context and inject arbitrary SVG elements/attributes into the rendered output. When the generated SVG is embedded in a web page, this can result in script execution in the context of the embedding origin. | ||||
| CVE-2026-26208 | 1 Alex4ssb | 1 Adb-explorer | 2026-02-13 | 7.8 High |
| ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020. | ||||
| CVE-2025-69770 | 1 Mojoportal | 1 Mojoportal | 2026-02-13 | 10 Critical |
| A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. | ||||
| CVE-2025-66676 | 1 Iobit | 1 Iobit Unlocker | 2026-02-13 | 6.2 Medium |
| An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-1790 | 1 Genetec Inc. | 1 Genetec Sipelia | 2026-02-13 | N/A |
| Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. | ||||
| CVE-2024-21961 | 1 Amd | 21 Epyc 7002 Series Processors, Epyc Embedded 7002 Series Processors, Ryzen 4000 Series Desktop Processors and 18 more | 2026-02-13 | N/A |
| Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability. | ||||
| CVE-2026-26012 | 1 Dani-garcia | 1 Vaultwarden | 2026-02-13 | 6.5 Medium |
| vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible to any organization member and internally uses Cipher::find_by_org to retrieve all ciphers. These ciphers are returned with CipherSyncType::Organization without enforcing collection-level access control. This vulnerability is fixed in 1.35.3. | ||||
| CVE-2025-56647 | 1 Farm-fe | 1 Core | 2026-02-13 | 6.5 Medium |
| npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leaked by the WebSocket server. | ||||
| CVE-2025-63421 | 1 Filosoft | 1 Comerc.32 Commercial Invoicing | 2026-02-13 | 7.8 High |
| An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file | ||||
| CVE-2025-67432 | 1 Monkeybread Software | 1 Mbs Dyna Pdf Plugin | 2026-02-13 | 7.5 High |
| A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-70845 | 1 Lty628 | 1 Aidigu | 2026-02-13 | 6.1 Medium |
| lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the "intro" field is not properly sanitized or escaped. | ||||
| CVE-2026-1671 | 2 Switcorp, Wordpress | 2 Activity Log For Wordpress, Wordpress | 2026-02-13 | 6.5 Medium |
| The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files. | ||||
| CVE-2026-1316 | 2 Ivole, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-02-13 | 7.2 High |
| The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers (if 'Enable for Guests' is enabled) to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1320 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-02-13 | 7.2 High |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-14014 | 1 Ntn Information Processing Services Computer Software Hardware Industry And Trade Ltd. Co. | 1 Smart Panel | 2026-02-13 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Panel: before 20251215. | ||||
| CVE-2023-31313 | 1 Amd | 2 Instinct Mi210, Instinct Mi250 | 2026-02-13 | 7.2 High |
| An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. | ||||