Export limit exceeded: 344258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344258 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32735 | 1 Intel | 1 Npu Drivers | 2026-02-11 | 5.5 Medium |
| Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-32739 | 1 Intel | 1 Intel Graphics Drivers And Intel Lts Kernels | 2026-02-11 | 2.8 Low |
| Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-35992 | 1 Intel | 1 Npu Drivers | 2026-02-11 | 4.7 Medium |
| Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-36522 | 1 Intel | 1 Chipset Software | 2026-02-11 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2026-21332 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-02-11 | 5.5 Medium |
| InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21358 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-02-11 | 5.5 Medium |
| InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-25612 | 1 Mongodb | 1 Mongodb | 2026-02-11 | 6.5 Medium |
| The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks. | ||||
| CVE-2026-21336 | 1 Adobe | 1 Substance 3d Designer | 2026-02-11 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21340 | 1 Adobe | 1 Substance 3d Designer | 2026-02-11 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21338 | 1 Adobe | 1 Substance 3d Designer | 2026-02-11 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21339 | 1 Adobe | 1 Substance 3d Designer | 2026-02-11 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21337 | 1 Adobe | 1 Substance 3d Designer | 2026-02-11 | 5.5 Medium |
| Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-2303 | 1 Mongodb | 1 Go Driver | 2026-02-11 | 6.5 Medium |
| The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer. | ||||
| CVE-2025-12699 | 1 Zoll | 1 Zoll Epcr Ios Mobile Application | 2026-02-11 | 5.5 Medium |
| The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry. | ||||
| CVE-2026-25872 | 1 Albrecht Jung | 1 Jung Smart Panel 5.1 Knx | 2026-02-11 | 5.3 Medium |
| JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information. | ||||
| CVE-2025-64075 | 1 Shenzhen Zhibotong Electronics | 1 Zbt We2001 | 2026-02-11 | 10 Critical |
| A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value. | ||||
| CVE-2026-26079 | 1 Roundcube | 1 Webmail | 2026-02-11 | 4.7 Medium |
| Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | ||||
| CVE-2025-9986 | 1 Vadi Corporate Information Systems | 1 Digikent | 2026-02-11 | 8.2 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. | ||||
| CVE-2025-10174 | 1 Pan Software & Information Technologies | 1 Pancafe Pro | 2026-02-11 | 8.3 High |
| Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | ||||
| CVE-2025-12474 | 1 Google | 1 Libjxl | 2026-02-11 | 3.1 Low |
| A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas. | ||||