Export limit exceeded: 334330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2959 | 2026-02-22 | 8.8 High | ||
| A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2026-2958 | 2026-02-22 | 8.8 High | ||
| A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-2588 | 2026-02-22 | N/A | ||
| Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits. | ||||
| CVE-2026-2957 | 2026-02-22 | 5.4 Medium | ||
| A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2956 | 2026-02-22 | 6.3 Medium | ||
| A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2447 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-22 | 8.8 High |
| Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. | ||||
| CVE-2026-26930 | 1 Smartertools | 1 Smartermail | 2026-02-22 | 7.2 High |
| SmarterTools SmarterMail before 9526 allows XSS via MAPI requests. | ||||
| CVE-2025-60711 | 1 Microsoft | 1 Edge Chromium | 2026-02-22 | 6.3 Medium |
| Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59501 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-22 | 4.8 Medium |
| Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2026-02-22 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59503 | 1 Microsoft | 2 Azure, Azure Compute Resource Provider | 2026-02-22 | 10 Critical |
| Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2026-02-22 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59286 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-22 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55321 | 1 Microsoft | 1 Azure Monitor | 2026-02-22 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59272 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-22 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | ||||
| CVE-2025-59271 | 1 Microsoft | 3 Azure Cache For Redis, Azure Cache For Redis Enterprise, Azure Managed Redis | 2026-02-22 | 8.7 High |
| Redis Enterprise Elevation of Privilege Vulnerability | ||||
| CVE-2025-59252 | 1 Microsoft | 3 365, 365 Copilot, 365 Word Copilot | 2026-02-22 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2026-02-22 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2025-59246 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-02-22 | 9.8 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-59218 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-02-22 | 9.6 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||