Export limit exceeded: 341115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341115 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63648 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. | ||||
| CVE-2025-57156 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). | ||||
| CVE-2025-57155 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. | ||||
| CVE-2021-38383 | 1 Owntone | 1 Owntone Server | 2026-02-13 | 9.8 Critical |
| OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | ||||
| CVE-2025-25652 | 1 Eptura | 1 Archibus | 2026-02-13 | 7.5 High |
| In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. | ||||
| CVE-2025-46684 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-13 | 6.6 Medium |
| Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | ||||
| CVE-2026-0781 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-02-13 | 8.8 High |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28290. | ||||
| CVE-2026-0780 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-02-13 | 8.8 High |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28289. | ||||
| CVE-2026-0782 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-02-13 | 8.8 High |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28291. | ||||
| CVE-2025-65784 | 1 Hubert | 1 Hub | 2026-02-13 | 6.5 Medium |
| Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request. | ||||
| CVE-2026-2095 | 1 Flowring | 1 Agentflow | 2026-02-13 | 9.8 Critical |
| Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user. | ||||
| CVE-2026-2096 | 1 Flowring | 1 Agentflow | 2026-02-13 | 9.8 Critical |
| Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. | ||||
| CVE-2025-68707 | 1 Tycc | 2 Tongyu Ax1800, Tongyu Ax1800 Firmware | 2026-02-13 | 8.8 High |
| An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise of the device (i.e., via unauthenticated access to /boaform/formSaveConfig and /boaform/admin endpoints). | ||||
| CVE-2026-2097 | 1 Flowring | 1 Agentflow | 2026-02-13 | 8.8 High |
| Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-2098 | 1 Flowring | 1 Agentflow | 2026-02-13 | 6.1 Medium |
| AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2026-2099 | 1 Flowring | 1 Agentflow | 2026-02-13 | 5.4 Medium |
| AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load. | ||||
| CVE-2025-30398 | 1 Microsoft | 3 Nuance Powerscribe, Nuance Powerscribe 360, Nuance Powerscribe One | 2026-02-13 | 8.1 High |
| Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-62453 | 2 Github, Microsoft | 2 Copilot, Visual Studio Code | 2026-02-13 | 5 Medium |
| Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2025-62449 | 1 Microsoft | 3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension | 2026-02-13 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2025-62209 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1507 and 21 more | 2026-02-13 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | ||||