Export limit exceeded: 16266 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21173 | 3 Linux, Microsoft, Redhat | 5 Linux Kernel, .net, Visual Studio 2022 and 2 more | 2026-02-13 | 7.3 High |
| .NET Elevation of Privilege Vulnerability | ||||
| CVE-2025-21176 | 4 Apple, Linux, Microsoft and 1 more | 25 Macos, Linux Kernel, .net and 22 more | 2026-02-13 | 8.8 High |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-21171 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, .net and 4 more | 2026-02-13 | 7.5 High |
| .NET Remote Code Execution Vulnerability | ||||
| CVE-2025-24070 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more | 2026-02-13 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-26646 | 4 Apple, Linux, Microsoft and 1 more | 9 Macos, Linux Kernel, .net and 6 more | 2026-02-13 | 8 High |
| External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-0810 | 2 Gitoxidelabs, Redhat | 3 Gix-date, Enterprise Linux, Logging | 2026-02-13 | 6.8 Medium |
| A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences. | ||||
| CVE-2026-26158 | 2 Red Hat, Redhat | 2 Enterprise Linux, Enterprise Linux | 2026-02-12 | 7 High |
| A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files. | ||||
| CVE-2026-26157 | 2 Red Hat, Redhat | 2 Enterprise Linux, Enterprise Linux | 2026-02-12 | 7 High |
| A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. | ||||
| CVE-2024-42079 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-02-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush). | ||||
| CVE-2025-9820 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-02-11 | 4 Medium |
| A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks. | ||||
| CVE-2025-4404 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-02-11 | 9.1 Critical |
| A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | ||||
| CVE-2024-35264 | 2 Microsoft, Redhat | 4 .net, Visual Studio, Visual Studio 2022 and 1 more | 2026-02-10 | 8.1 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-26466 | 4 Canonical, Debian, Openbsd and 1 more | 5 Ubuntu Linux, Debian Linux, Openssh and 2 more | 2026-02-10 | 5.9 Medium |
| A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | ||||
| CVE-2025-21605 | 4 Debian, Lfprojects, Redhat and 1 more | 9 Debian Linux, Valkey, Discovery and 6 more | 2026-02-10 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system will run out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways. Either using network access control tools like firewalls, iptables, security groups, etc, or enabling TLS and requiring users to authenticate using client side certificates. | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 4 Libtiff, Ai Inference Server, Discovery and 1 more | 2026-02-10 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2026-1709 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Eus | 2026-02-09 | 9.4 Critical |
| A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate. | ||||
| CVE-2025-12543 | 1 Redhat | 9 Apache Camel Hawtio, Camel Spring Boot, Enterprise Linux and 6 more | 2026-02-09 | 9.6 Critical |
| A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions. | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 29 Discovery, Enterprise Linux, Enterprise Linux Eus and 26 more | 2026-02-06 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2025-13502 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-02-06 | 7.5 High |
| A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2026-02-06 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||