Export limit exceeded: 341117 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341117 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25237 | 1 Pear | 1 Pearweb | 2026-02-05 | 9.8 Critical |
| PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in version 1.33.0. | ||||
| CVE-2026-23842 | 2 Chatterbot, Gunthercox | 2 Chatterbot, Chatterbot | 2026-02-05 | 7.5 High |
| ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue. | ||||
| CVE-2026-25238 | 1 Pear | 1 Pearweb | 2026-02-05 | 9.8 Critical |
| PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0. | ||||
| CVE-2026-25239 | 1 Pear | 1 Pearweb | 2026-02-05 | 7.5 High |
| PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0. | ||||
| CVE-2026-25240 | 1 Pear | 1 Pearweb | 2026-02-05 | 9.8 Critical |
| PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() when role filters are provided as an array and interpolated into an IN (...) clause. This issue has been patched in version 1.33.0. | ||||
| CVE-2026-25241 | 1 Pear | 1 Pearweb | 2026-02-05 | 9.8 Critical |
| PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/<package>/<version> endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0. | ||||
| CVE-2025-41024 | 2 Nikhil-bhalerao, Poultry Farm Management System Project | 2 Poultry Farm Management System, Poultry Farm Management System | 2026-02-05 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber' y 'regno' parameters in '/farm/farmprofile.php'. | ||||
| CVE-2025-41025 | 2 Nikhil-bhalerao, Poultry Farm Management System Project | 2 Poultry Farm Management System, Poultry Farm Management System | 2026-02-05 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' y 'product' parameters in '/farm/sell_product.php'. | ||||
| CVE-2019-25285 | 1 Alps | 1 Pointing-device Controller | 2026-02-05 | 7.8 High |
| Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots. | ||||
| CVE-2025-58340 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58341 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-15281 | 1 Gnu | 1 Glibc | 2026-02-05 | 7.5 High |
| Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | ||||
| CVE-2025-58342 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-58344 | 1 Samsung | 25 Exynos, Exynos 1080, Exynos 1080 Firmware and 22 more | 2026-02-05 | 6.2 Medium |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion. | ||||
| CVE-2025-36063 | 1 Ibm | 2 Sterling Connect\, Sterling Connectexpress Adapter For Sterling B2b Integrator 520 | 2026-02-05 | 6.3 Medium |
| IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2026-24345 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 8.8 High |
| Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI | ||||
| CVE-2026-24346 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 9.1 Critical |
| Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application | ||||
| CVE-2026-24347 | 2 Actions-micro, Nimbletech | 4 Ezcast Pro Ii, Ezcast Pro Ii Firmware, Ezcast Pro Dongle Ii and 1 more | 2026-02-05 | 5.3 Medium |
| Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory | ||||
| CVE-2026-24515 | 1 Libexpat Project | 1 Libexpat | 2026-02-05 | 2.9 Low |
| In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | ||||
| CVE-2019-25287 | 1 Lavasoft | 1 Web Companion | 2026-02-05 | 7.8 High |
| Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||