Export limit exceeded: 330912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66719 | 1 Free5gc | 1 Nrf | 2026-02-11 | 9.1 Critical |
| An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope. | ||||
| CVE-2025-67124 | 1 Svenstaro | 1 Miniserve | 2026-02-11 | 6.8 Medium |
| A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume). | ||||
| CVE-2025-67125 | 1 Docopt | 1 Docopt.cpp | 2026-02-11 | 4.4 Medium |
| A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS). | ||||
| CVE-2025-69908 | 2 Newgen, Newgensoft | 2 Omniapp, Omniapp | 2026-02-11 | 7.5 High |
| An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource. | ||||
| CVE-2026-23566 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-02-11 | 6.5 Medium |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation. | ||||
| CVE-2026-25806 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-02-11 | 6.5 Medium |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do not enforce authorization. The application does not verify whether the authenticated user owns the student record being accessed, has an administrative / staff role, or is permitted to modify or delete the target student. | ||||
| CVE-2026-25810 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-02-11 | 9.1 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). | ||||
| CVE-2026-25876 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-02-11 | 9.1 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all results for an assessment. | ||||
| CVE-2021-47895 | 2 Nsasoft, Nsauditor | 2 Nsauditor, Nsauditor | 2026-02-11 | 7.5 High |
| Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash. | ||||
| CVE-2025-47402 | 1 Qualcomm | 189 Ar8035, Ar8035 Firmware, Cologne and 186 more | 2026-02-11 | 6.5 Medium |
| Transient DOS when processing a received frame with an excessively large authentication information element. | ||||
| CVE-2025-70983 | 2 Bladex, Springblade Project | 2 Springblade, Springblade | 2026-02-11 | 9.9 Critical |
| Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | ||||
| CVE-2025-67264 | 1 Doogee | 7 Note59, Note59 Firmware, Note59 Pro and 4 more | 2026-02-11 | 7.8 High |
| An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 | ||||
| CVE-2025-61506 | 1 Mediacrush | 1 Mediacrush | 2026-02-11 | 9.8 Critical |
| An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint. | ||||
| CVE-2025-63372 | 2 Articentgroup, Microsoft | 2 Zip Rar Extractor Tool, Windows | 2026-02-11 | 4.3 Medium |
| Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. | ||||
| CVE-2025-63624 | 2 Sdkede, Shandong Kede | 3 Iot Smart Water Meter, Iot Smart Water Meter Firmware, Iot Smart Water Meter Monitoring Platform | 2026-02-11 | 9.8 Critical |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | ||||
| CVE-2026-23565 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-02-11 | 6.5 Medium |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service. | ||||
| CVE-2025-52022 | 1 Aptsys | 2 Gemscms Backend, Gemsloyalty | 2026-02-11 | 5.3 Medium |
| A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message. | ||||
| CVE-2025-52023 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-11 | 5.3 Medium |
| A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message. | ||||
| CVE-2026-23564 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-02-11 | 6.5 Medium |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information. | ||||
| CVE-2025-65875 | 2 Fpdf, Setasign | 2 Fpdf, Fpdf | 2026-02-11 | 8.8 High |
| An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||