Export limit exceeded: 15112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15112 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25894 | 1 Frangoteam | 1 Fuxa | 2026-02-13 | 9.8 Critical |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10. | ||||
| CVE-2025-46305 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46303 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46302 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46301 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2025-46300 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2026-20605 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-02-13 | 4.6 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process. | ||||
| CVE-2026-20700 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-02-13 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. | ||||
| CVE-2026-20635 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2026-02-12 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-20644 | 1 Apple | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2026-02-12 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-22712 | 3 Mediawiki, Wikimedia, Wikiworks | 3 Mediawiki, Mediawiki-approvedrevs Extension, Approved Revs | 2026-02-12 | 4.3 Medium |
| Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2025-54514 | 1 Amd | 10 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors, Ryzen 5000 Series Desktop Processors and 7 more | 2026-02-12 | N/A |
| Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | ||||
| CVE-2025-22885 | 1 Intel | 1 Tdx Module | 2026-02-11 | 4.7 Medium |
| Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-5386 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary | 2026-02-11 | 8.8 High |
| In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnerability is triggered when the 'viewer' role user sends a specific request to the server, which responds with a password reset token in the 'recoveryToken' parameter. This token can then be used to reset the password of another user's account without authorization. The issue results from an excessive attack surface, allowing lower-privileged users to escalate their privileges and take over accounts. | ||||
| CVE-2026-25499 | 1 Bpg | 2 Terraform-provider-proxmox, Terraform Provider | 2026-02-11 | 7.5 High |
| Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1. | ||||
| CVE-2026-1675 | 1 Wordpress | 1 Wordpress | 2026-02-11 | 5.3 Medium |
| The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value. | ||||
| CVE-2024-38104 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 8.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2025-14026 | 1 Forcepoint | 2 One Data Loss Prevention, One Endpoint | 2026-02-10 | 7.8 High |
| Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed. | ||||
| CVE-2025-11653 | 1 Utt | 3 2620g, 2620g Firmware, Hiper 2620g | 2026-02-10 | 8.8 High |
| A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15312 | 1 Tanium | 1 Tanos | 2026-02-10 | 6.6 Medium |
| Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. | ||||