Export limit exceeded: 330633 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24532 | 1 Wordpress | 1 Wordpress | 2026-02-17 | 4.3 Medium |
| Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2. | ||||
| CVE-2025-69055 | 2 Seatheme, Wordpress | 2 Bm Content Builder, Wordpress | 2026-02-17 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3. | ||||
| CVE-2026-2604 | 1 Gnome | 1 Evolution-data-server | 2026-02-17 | 5.6 Medium |
| No description is available for this CVE. | ||||
| CVE-2025-3576 | 1 Redhat | 8 Discovery, Enterprise Linux, Openshift and 5 more | 2026-02-17 | 5.9 Medium |
| A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | ||||
| CVE-2025-26637 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-16 | 6.8 Medium |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2026-1529 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-02-16 | 8.1 High |
| A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access. | ||||
| CVE-2024-8419 | 2026-02-16 | 7.5 High | ||
| The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication. | ||||
| CVE-2023-1211 | 1 Phpipam | 1 Phpipam | 2026-02-16 | 7.2 High |
| SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | ||||
| CVE-2022-4407 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-02-16 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | ||||
| CVE-2025-9566 | 1 Redhat | 8 Enterprise Linux, Openshift, Openshift Devspaces and 5 more | 2026-02-16 | 8.1 High |
| There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1 | ||||
| CVE-2026-0964 | 1 Libssh | 1 Libssh | 2026-02-16 | N/A |
| No description is available for this CVE. | ||||
| CVE-2026-0965 | 1 Libssh | 1 Libssh | 2026-02-16 | N/A |
| No description is available for this CVE. | ||||
| CVE-2026-0966 | 1 Libssh | 1 Libssh | 2026-02-16 | N/A |
| No description is available for this CVE. | ||||
| CVE-2026-0968 | 1 Libssh | 1 Libssh | 2026-02-16 | N/A |
| No description is available for this CVE. | ||||
| CVE-2026-2272 | 1 Gimp | 1 Gimp | 2026-02-16 | 4.3 Medium |
| No description is available for this CVE. | ||||
| CVE-2025-38162 | 1 Linux | 1 Linux Kernel | 2026-02-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to multiply by bucket size and then use check_add_overflow() to the alignment for avx2 (if needed). Finally, add lt_size_check_overflow() helper and use it to consolidate this. While at it, replace leftover allocation using the GFP_KERNEL to GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize(). | ||||
| CVE-2025-69634 | 1 Dolibarr | 1 Dolibarr | 2026-02-14 | 9 Critical |
| Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user. | ||||
| CVE-2025-9293 | 2 Tp-link, Tp Link | 14 Aginet App, Deco App, Festa App and 11 more | 2026-02-13 | N/A |
| A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. | ||||
| CVE-2025-9292 | 1 Tp-link | 1 Omada Cloud Controller | 2026-02-13 | N/A |
| A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required. | ||||
| CVE-2025-61675 | 1 Freepbx | 1 Endpoint Manager | 2026-02-13 | N/A |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17. | ||||