Export limit exceeded: 24781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24781 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52023 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-11 | 5.3 Medium |
| A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message. | ||||
| CVE-2025-67857 | 1 Moodle | 1 Moodle | 2026-02-11 | 4.3 Medium |
| A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure. | ||||
| CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | 7.2 High |
| Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | ||||
| CVE-2025-61546 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-11 | 9.1 Critical |
| There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls. | ||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-02-11 | 3.7 Low |
| HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | ||||
| CVE-2024-38105 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 6.5 Medium |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | ||||
| CVE-2024-38052 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.8 High |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38047 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2026-02-10 | 7.8 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-38033 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 7.3 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-38030 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2026-02-10 | 6.5 Medium |
| Windows Themes Spoofing Vulnerability | ||||
| CVE-2024-38021 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-02-10 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-02-10 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2024-38017 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 5.5 Medium |
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2024-38055 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 5.5 Medium |
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | ||||
| CVE-2024-38043 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2026-02-10 | 7.8 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-38041 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2026-02-10 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-30081 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.1 High |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2020-37114 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-10 | 4.3 Medium |
| GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization. | ||||
| CVE-2025-59895 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-10 | 7.5 High |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually. | ||||
| CVE-2026-24664 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-10 | 5.3 Medium |
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2. | ||||