Export limit exceeded: 340856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340856 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63386 | 2 Dify, Langgenius | 2 Dify, Dify | 2026-02-11 | 9.1 Critical |
| A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains to make authenticated requests. NOTE: the Supplier disputes this because the endpoint configuration is intentional to support bootstrap. | ||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-02-11 | 3.7 Low |
| HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | ||||
| CVE-2025-52633 | 1 Hcltech | 1 Aion | 2026-02-11 | 3.1 Low |
| HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0. | ||||
| CVE-2025-62439 | 1 Fortinet | 1 Fortios | 2026-02-11 | 3.8 Low |
| An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests. | ||||
| CVE-2025-21427 | 1 Qualcomm | 358 205 Mobile, 205 Mobile Firmware, 215 Mobile and 355 more | 2026-02-11 | 8.2 High |
| Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. | ||||
| CVE-2025-0875 | 2026-02-11 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328. | ||||
| CVE-2024-4259 | 2 Sambas, Sampas Holding | 2 Akos, Akos | 2026-02-11 | 9.8 Critical |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | ||||
| CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2026-02-11 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023. | ||||
| CVE-2026-26044 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26043 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26042 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26041 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26040 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26039 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26038 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26037 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26036 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2024-30098 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-02-10 | 7.5 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2026-02-10 | 9.6 Critical |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2026-02-10 | 8.1 High |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | ||||