Export limit exceeded: 14152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10620 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70983 | 2 Bladex, Springblade Project | 2 Springblade, Springblade | 2026-02-11 | 9.9 Critical |
| Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | ||||
| CVE-2025-52024 | 1 Aptsys | 2 Gemscms Backend, Pos Platform Web Services | 2026-02-11 | 9.4 Critical |
| A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries. | ||||
| CVE-2024-4259 | 2 Sambas, Sampas Holding | 2 Akos, Akos | 2026-02-11 | 9.8 Critical |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | ||||
| CVE-2024-21417 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2026-02-10 | 8.8 High |
| Windows Text Services Framework Elevation of Privilege Vulnerability | ||||
| CVE-2025-15342 | 1 Tanium | 2 Reputation, Service Reputation | 2026-02-10 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Reputation. | ||||
| CVE-2025-15289 | 1 Tanium | 2 Interact, Service Interact | 2026-02-10 | 3.1 Low |
| Tanium addressed an improper access controls vulnerability in Interact. | ||||
| CVE-2025-15330 | 1 Tanium | 2 Deploy, Service Deploy | 2026-02-10 | 8.8 High |
| Tanium addressed an improper input validation vulnerability in Deploy. | ||||
| CVE-2025-15327 | 1 Tanium | 2 Deploy, Service Deploy | 2026-02-10 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Deploy. | ||||
| CVE-2025-15326 | 1 Tanium | 2 Patch, Service Patch | 2026-02-10 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Patch. | ||||
| CVE-2025-15321 | 1 Tanium | 1 Tanos | 2026-02-10 | 2.7 Low |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. | ||||
| CVE-2025-2848 | 1 Synology | 2 Diskstation Manager, Mail Server | 2026-02-09 | 6.3 Medium |
| A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. | ||||
| CVE-2025-68140 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 4.3 Medium |
| EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message submitted with a session ID of 0 is accepted, as it matches the registered value. This could allow unauthorized and anonymous indirect emission of MQTT messages and communication with V2G messages handlers, updating a session context. Version 2025.9.0 fixes the issue. | ||||
| CVE-2025-13985 | 2 Drupal, Ithom | 2 Entity Share, Entity Share | 2026-02-06 | 5.3 Medium |
| Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0. | ||||
| CVE-2025-27461 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 7.6 High |
| During startup, the device automatically logs in the EPC2 Windows user without requesting a password. | ||||
| CVE-2025-63294 | 1 Workdo | 2 Hrm Saas, Hrm Saas Hr And Payroll Tool | 2026-02-04 | 6.5 Medium |
| WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users. | ||||
| CVE-2025-54159 | 1 Synology | 2 Beedrive, Beedrive For Desktop | 2026-02-04 | 7.5 High |
| Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors. | ||||
| CVE-2025-48784 | 1 Scshr | 1 Hr Portal | 2026-02-04 | 7.5 High |
| A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization. | ||||
| CVE-2025-15115 | 1 Petlibro | 2 Petlibro, Smart Pet Feeder Platform | 2026-02-03 | 6.5 Medium |
| Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification. | ||||
| CVE-2025-49181 | 1 Sick | 1 Media Server | 2026-02-03 | 8.6 High |
| Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack. | ||||
| CVE-2018-25146 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-02-02 | 8.1 High |
| Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart. | ||||