Export limit exceeded: 340916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28899 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 8.8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-21417 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2026-02-10 | 8.8 High |
| Windows Text Services Framework Elevation of Privilege Vulnerability | ||||
| CVE-2026-25251 | 2026-02-10 | N/A | ||
| This has been moved to the REJECTED state because the information source is under review. If circumstances change, it is possible that this will be moved to the PUBLISHED state at a later date. | ||||
| CVE-2025-20991 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-02-10 | 4 Medium |
| Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. | ||||
| CVE-2025-20992 | 1 Samsung | 1 Android | 2026-02-10 | 4 Medium |
| Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. | ||||
| CVE-2025-20993 | 1 Samsung | 1 Android | 2026-02-10 | 4 Medium |
| Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | ||||
| CVE-2025-20989 | 1 Samsung | 1 Android | 2026-02-10 | 5.2 Medium |
| Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key. | ||||
| CVE-2025-20988 | 1 Samsung | 1 Android | 2026-02-10 | 5.5 Medium |
| Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | ||||
| CVE-2025-20987 | 1 Samsung | 1 Android | 2026-02-10 | 5.2 Medium |
| Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token. | ||||
| CVE-2025-20985 | 1 Samsung | 1 Android | 2026-02-10 | 5.5 Medium |
| Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. | ||||
| CVE-2025-20981 | 1 Samsung | 1 Android | 2026-02-10 | 6.2 Medium |
| Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2025-11004 | 1 Silabs | 1 Simplicity Device Manager | 2026-02-10 | N/A |
| The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device Manager tool running in the background. | ||||
| CVE-2026-26009 | 1 Karutoil | 1 Catalyst | 2026-02-10 | 10 Critical |
| Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d. | ||||
| CVE-2025-27940 | 1 Intel | 1 Tdx Module | 2026-02-10 | 4.1 Medium |
| Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-59023 | 1 Powerdns | 1 Recursor | 2026-02-10 | 8.2 High |
| Crafted delegations or IP fragments can poison cached delegations in Recursor. | ||||
| CVE-2025-59024 | 1 Powerdns | 1 Recursor | 2026-02-10 | 6.5 Medium |
| Crafted delegations or IP fragments can poison cached delegations in Recursor. | ||||
| CVE-2026-0845 | 2 Wclovers, Wordpress | 2 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible, Wordpress | 2026-02-10 | 7.2 High |
| The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFM_Settings_Controller::processing' function in all versions up to, and including, 6.7.24. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-15147 | 2 Wclovers, Wordpress | 2 Wcfm Membership – Woocommerce Memberships For Multivendor Marketplace, Wordpress | 2026-02-10 | 4.3 Medium |
| The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::processing' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify other users' membership payments. | ||||
| CVE-2025-36407 | 1 Ibm | 1 Db2 | 2026-02-10 | 6.5 Medium |
| IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | ||||
| CVE-2020-37114 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-10 | 4.3 Medium |
| GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization. | ||||