Export limit exceeded: 338066 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338066 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24321 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-24300 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-22845 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20110 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20107 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20098 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20089 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20078 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20066 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20038 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-20007 | 2026-02-13 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-68458 | 2 Webpack, Webpack.js | 2 Webpack, Webpack | 2026-02-13 | 3.7 Low |
| Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris enforcement relies on a raw string prefix check (e.g., uri.startsWith(allowed)), a URL that looks allow-listed can pass validation while the actual network request is sent to a different authority/host after URL parsing. This is a policy/allow-list bypass that enables build-time SSRF behavior (outbound requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion (the fetched response is treated as module source and bundled). This issue has been patched in version 5.104.1. | ||||
| CVE-2026-25763 | 1 Openproject | 1 Openproject | 2026-02-13 | 9.9 Critical |
| OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/projects/:project_id/repository/changes) when rendering the “latest changes” view via git log. By supplying a specially crafted rev value (for example, rev=--output=/tmp/poc.txt), an attacker can inject git log command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the :browse_repository permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git log output, but by crafting custom commits the attacker can still upload valid shell scripts, ultimately leading to RCE. The RCE lets the attacker create a reverse shell to the target host and view confidential files outside of OpenProject, such as /etc/passwd. This issue has been patched in versions 16.6.7 and 17.0.3. | ||||
| CVE-2025-49742 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. | ||||
| CVE-2025-49741 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 7.4 High |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49740 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 8.8 High |
| Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-47999 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-13 | 6.8 Medium |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-49732 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49730 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49725 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-13 | 7.8 High |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||||