Export limit exceeded: 344324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1507 | 1 Aveva | 1 Pi Data Archive Pi Server | 2026-02-12 | 7.5 High |
| The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service. | ||||
| CVE-2026-1495 | 1 Aveva | 1 Pi To Connect Agent | 2026-02-12 | 6.5 Medium |
| The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server. | ||||
| CVE-2020-37182 | 1 Troglobit | 1 Redir | 2026-02-12 | 7.5 High |
| Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination. | ||||
| CVE-2020-37181 | 1 Torrentrockyou | 1 Torrent Flv Converter | 2026-02-12 | 9.8 Critical |
| Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems. | ||||
| CVE-2020-37180 | 1 Nsasoft | 1 Nsauditor Gtalk Password Finder | 2026-02-12 | 7.5 High |
| GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash. | ||||
| CVE-2020-37185 | 1 Nsauditor | 1 Backup Key Recovery | 2026-02-12 | 7.5 High |
| Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash. | ||||
| CVE-2020-37113 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 8.8 High |
| GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature. | ||||
| CVE-2025-70997 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2026-02-12 | 8.1 High |
| A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level. | ||||
| CVE-2026-24881 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-02-12 | 8.1 High |
| In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. | ||||
| CVE-2025-55705 | 1 Evmapa | 1 Evmapa | 2026-02-12 | 7.3 High |
| This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently. | ||||
| CVE-2025-67399 | 1 Airth | 1 Smart Home Aqi Monitor Bootloader | 2026-02-12 | 4.6 Medium |
| An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access | ||||
| CVE-2025-15464 | 1 Yintibao | 2 Fun Print, Fun Print Mobile | 2026-02-12 | 7.5 High |
| Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | ||||
| CVE-2026-22710 | 2 Mediawiki, Wikimedia | 3 Mediawiki, Mediawiki-wikibase Extension, Wikibase | 2026-02-12 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2026-22712 | 3 Mediawiki, Wikimedia, Wikiworks | 3 Mediawiki, Mediawiki-approvedrevs Extension, Approved Revs | 2026-02-12 | 4.3 Medium |
| Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2026-22713 | 3 Growth, Mediawiki, Wikimedia | 3 Growthexperiments, Mediawiki, Mediawiki-growthexperiments Extension | 2026-02-12 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39. | ||||
| CVE-2025-64091 | 1 Zenitel | 3 Tcis-3, Tcis-3+, Tcis-3 Firmware | 2026-02-12 | 8.6 High |
| This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | ||||
| CVE-2025-64090 | 1 Zenitel | 3 Tcis-3, Tcis-3+, Tcis-3 Firmware | 2026-02-12 | 10 Critical |
| This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | ||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | 7.5 High |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | ||||
| CVE-2025-10878 | 2 Insaat, Omran | 2 Fikir Odalari Adminpando, Fikir Odalari Adminpando | 2026-02-12 | 10 Critical |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | ||||
| CVE-2025-70073 | 2 1000mz, Liweiyi | 2 Chestnutcms, Chestnutcms | 2026-02-12 | 7.2 High |
| An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function | ||||