Export limit exceeded: 10842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338015 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70997 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2026-02-12 | 8.1 High |
| A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. | ||||
| CVE-2026-24881 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-02-12 | 8.1 High |
| In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. | ||||
| CVE-2025-55705 | 1 Evmapa | 1 Evmapa | 2026-02-12 | 7.3 High |
| This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently. | ||||
| CVE-2025-67399 | 1 Airth | 1 Smart Home Aqi Monitor Bootloader | 2026-02-12 | 4.6 Medium |
| An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access | ||||
| CVE-2025-15464 | 1 Yintibao | 2 Fun Print, Fun Print Mobile | 2026-02-12 | 7.5 High |
| Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | ||||
| CVE-2026-22710 | 2 Mediawiki, Wikimedia | 3 Mediawiki, Mediawiki-wikibase Extension, Wikibase | 2026-02-12 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2026-22712 | 3 Mediawiki, Wikimedia, Wikiworks | 3 Mediawiki, Mediawiki-approvedrevs Extension, Approved Revs | 2026-02-12 | 4.3 Medium |
| Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2026-22713 | 3 Growth, Mediawiki, Wikimedia | 3 Growthexperiments, Mediawiki, Mediawiki-growthexperiments Extension | 2026-02-12 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2025-64091 | 1 Zenitel | 3 Tcis-3, Tcis-3+, Tcis-3 Firmware | 2026-02-12 | 8.6 High |
| This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | ||||
| CVE-2025-64090 | 1 Zenitel | 3 Tcis-3, Tcis-3+, Tcis-3 Firmware | 2026-02-12 | 10 Critical |
| This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | ||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | 7.5 High |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | ||||
| CVE-2025-10878 | 2 Insaat, Omran | 2 Fikir Odalari Adminpando, Fikir Odalari Adminpando | 2026-02-12 | 10 Critical |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | ||||
| CVE-2025-70073 | 2 1000mz, Liweiyi | 2 Chestnutcms, Chestnutcms | 2026-02-12 | 7.2 High |
| An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function | ||||
| CVE-2025-13295 | 2 Argustech, Argusteknoloji | 2 Bilger, Bilger | 2026-02-12 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9. | ||||
| CVE-2025-12131 | 1 Silabs | 2 Simplicity Sdk, Simplicity Software Development Kit | 2026-02-12 | 6.5 Medium |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | ||||
| CVE-2025-15557 | 1 Tp-link | 4 Tapo H100, Tapo H100 Firmware, Tapo P100 and 1 more | 2026-02-12 | 8.8 High |
| An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. | ||||
| CVE-2026-26031 | 1 Frappe | 2 Frappe Lms, Learning | 2026-02-12 | 5.3 Medium |
| Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed in 2.44.0. | ||||
| CVE-2023-53569 | 1 Linux | 1 Linux Kernel | 2026-02-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior. | ||||
| CVE-2025-66274 | 2 Qnap, Qnap Systems | 2 Quts Hero, Quts Hero | 2026-02-12 | 4.9 Medium |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later | ||||
| CVE-2025-58466 | 2 Qnap, Qnap Systems | 4 Qts, Quts Hero, Qts and 1 more | 2026-02-12 | 4.9 Medium |
| A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later | ||||