Export limit exceeded: 24491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24491 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47569 | 1 Fortinet | 13 Fortimail, Fortimanager, Fortimanager Cloud and 10 more | 2026-02-10 | 4.2 Medium |
| A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets. | ||||
| CVE-2024-7014 | 1 Telegram | 1 Telegram | 2026-02-09 | 8.1 High |
| EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | ||||
| CVE-2025-66594 | 1 Yokogawa | 1 Fast/tools | 2026-02-09 | N/A |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2026-1727 | 1 Google | 1 Gemini | 2026-02-09 | N/A |
| The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this. | ||||
| CVE-2026-25722 | 2 Anthropic, Anthropics | 2 Claude Code, Claude Code | 2026-02-09 | 9.1 Critical |
| Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57. | ||||
| CVE-2026-25723 | 2 Anthropic, Anthropics | 2 Claude Code, Claude Code | 2026-02-09 | 6.5 Medium |
| Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55. | ||||
| CVE-2025-68134 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 7.4 High |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue. | ||||
| CVE-2024-53862 | 1 Argoproj | 2 Argo-workflows, Argo Workflows | 2026-02-06 | 7.5 High |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `--auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`. No authentication is performed by the Server itself on `client` tokens. Authentication & authorization is instead delegated to the k8s API server. However, the Workflow Archive does not interact with k8s, and so any token that looks valid will be considered authenticated, even if it is not a k8s token or even if the token has no RBAC for Argo. To handle the lack of pass-through k8s authN/authZ, the Workflow Archive specifically does the equivalent of a `kubectl auth can-i` check for respective methods. In 3.5.7 and 3.5.8, the auth check was accidentally removed on the GET Workflow endpoint's fallback to archived workflows on these lines, allowing archived workflows to be retrieved with a fake token. This vulnerability is fixed in 3.6.2 and 3.5.13. | ||||
| CVE-2025-68398 | 1 Weblate | 1 Weblate | 2026-02-06 | 9.1 Critical |
| Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue. | ||||
| CVE-2025-65264 | 1 Cpuid | 1 Cpu-z | 2026-02-06 | 5.5 Medium |
| The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request. | ||||
| CVE-2025-47283 | 1 Gardener | 1 Gardener | 2026-02-06 | 9.9 Critical |
| Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue. | ||||
| CVE-2025-39702 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-02-06 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. | ||||
| CVE-2025-66400 | 2 Syntax-tree, Unifiedjs | 2 Mdast-util-to-hast, Mdast-util-to-hast | 2026-02-06 | 5.3 Medium |
| mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1. | ||||
| CVE-2025-27451 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 5.3 Medium |
| For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one. | ||||
| CVE-2025-62840 | 2 Qnap, Qnap Systems Inc. | 2 Hybrid Backup Sync, Hbs 3 Hybrid Backup Sync | 2026-02-05 | 3.3 Low |
| A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later | ||||
| CVE-2026-23878 | 1 Hotcrp | 1 Hotcrp | 2026-02-05 | 6.5 Medium |
| HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0. | ||||
| CVE-2026-24345 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 8.8 High |
| Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | ||||
| CVE-2026-24347 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 5.3 Medium |
| Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory | ||||
| CVE-2026-24348 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 6.1 Medium |
| Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users. | ||||
| CVE-2026-24870 | 1 Ixray-team | 2 Ix-ray Engine 1.6, Ixray | 2026-02-05 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | ||||