Export limit exceeded: 331220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (331220 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1823 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-12 | 3.5 Low |
| IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources. | ||||
| CVE-2025-13096 | 1 Ibm | 1 Business Automation Workflow | 2026-02-12 | 7.1 High |
| IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2026-20119 | 1 Cisco | 5 Roomos, Telepresence Ce, Telepresence Ce Software and 2 more | 2026-02-12 | 7.5 High |
| A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2020-37113 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 8.8 High |
| GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature. | ||||
| CVE-2025-70997 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2026-02-12 | 8.1 High |
| A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. | ||||
| CVE-2026-24881 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-02-12 | 8.1 High |
| In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. | ||||
| CVE-2025-55705 | 1 Evmapa | 1 Evmapa | 2026-02-12 | 7.3 High |
| This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently. | ||||
| CVE-2025-15464 | 1 Yintibao | 2 Fun Print, Fun Print Mobile | 2026-02-12 | 7.5 High |
| Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | ||||
| CVE-2026-22712 | 3 Mediawiki, Wikimedia, Wikiworks | 3 Mediawiki, Mediawiki-approvedrevs Extension, Approved Revs | 2026-02-12 | 4.3 Medium |
| Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | 7.5 High |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | ||||
| CVE-2025-10878 | 2 Insaat, Omran | 2 Fikir Odalari Adminpando, Fikir Odalari Adminpando | 2026-02-12 | 10 Critical |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | ||||
| CVE-2025-12131 | 1 Silabs | 2 Simplicity Sdk, Simplicity Software Development Kit | 2026-02-12 | 6.5 Medium |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | ||||
| CVE-2025-15557 | 1 Tp-link | 4 Tapo H100, Tapo H100 Firmware, Tapo P100 and 1 more | 2026-02-12 | 8.8 High |
| An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. | ||||
| CVE-2023-53569 | 1 Linux | 1 Linux Kernel | 2026-02-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior. | ||||
| CVE-2025-52026 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-12 | 7.5 High |
| An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. | ||||
| CVE-2026-24128 | 1 Xwiki | 3 Xwiki, Xwiki-platform, Xwiki-rendering | 2026-02-12 | 6.1 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting (XSS) vulnerability, which allows an attacker to craft a malicious URL and execute arbitrary actions with the same privileges as the victim. If the victim has administrative or programming rights, those rights can be exploited to gain full access to the XWiki installation. This issue has been patched in versions 17.8.0-rc-1, 17.4.5 and 16.10.12. To workaround, the patch can be applied manually, only a single line in templates/logging_macros.vm needs to be changed, no restart is required. | ||||
| CVE-2025-15551 | 1 Tp-link | 8 Archer C20, Archer C20 Firmware, Archer Mr200 and 5 more | 2026-02-12 | 5.6 Medium |
| The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. | ||||
| CVE-2026-2250 | 1 Metis Cyberspace Technology Sa | 1 Metis Wic | 2026-02-12 | 7.5 High |
| The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration. | ||||
| CVE-2026-2249 | 1 Metis Cyberspace Technology Sa | 1 Metis Dfs | 2026-02-12 | 9.8 Critical |
| METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services. | ||||
| CVE-2026-2248 | 1 Metis Cyberspace Technology Sa | 1 Metis Wic | 2026-02-12 | 9.8 Critical |
| METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root (UID 0) privileges. This results in full system compromise, allowing unauthorized access to modify system configuration, read sensitive data, or disrupt device operations | ||||