Export limit exceeded: 344145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75438 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2360 | 1 Dalibo | 1 Postgresql Anonymizer | 2026-02-12 | 8 High |
| PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved if a superuser adds a new schema in her/his own search_path and grants the CREATE privilege on that schema to untrusted users, both actions being clearly discouraged by the PostgreSQL documentation. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions | ||||
| CVE-2026-2361 | 1 Dalibo | 1 Postgresql Anonymizer | 2026-02-12 | 8 High |
| PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions | ||||
| CVE-2020-37203 | 1 Nsasoft | 1 Nsauditor Office Product Key Finder | 2026-02-12 | 7.5 High |
| Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash. | ||||
| CVE-2020-37202 | 1 Nsasoft | 1 Nsauditor Networksleuth | 2026-02-12 | 7.5 High |
| NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | ||||
| CVE-2025-67221 | 1 Ijl | 1 Orjson | 2026-02-12 | 7.5 High |
| The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. | ||||
| CVE-2025-57709 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-52869 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-52870 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2026-25577 | 1 Emmett-framework | 1 Core | 2026-02-12 | 7.5 High |
| Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11. | ||||
| CVE-2025-6547 | 2 Browserify, Redhat | 2 Pbkdf2, Service Mesh | 2026-02-12 | 8.1 High |
| Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2. | ||||
| CVE-2026-1609 | 1 Keycloak | 1 Keycloak-quarkus-server | 2026-02-11 | 8.1 High |
| A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper access control vulnerability by presenting a valid assertion token from an external identity provider to obtain a JWT for a disabled user. This allows unauthorized access to sensitive resources. | ||||
| CVE-2025-22453 | 1 Intel | 1 Server Firmware Update Utility | 2026-02-11 | 7.5 High |
| Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-25210 | 1 Intel | 1 Server Firmware Update Utility | 2026-02-11 | 8.2 High |
| Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-32008 | 1 Intel | 1 Intel Amt And Intel Standard Manageability | 2026-02-11 | 8.6 High |
| Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (low) impacts. | ||||
| CVE-2025-9986 | 1 Vadi Corporate Information Systems | 1 Digikent | 2026-02-11 | 8.2 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. | ||||
| CVE-2025-10174 | 1 Pan Software & Information Technologies | 1 Pancafe Pro | 2026-02-11 | 8.3 High |
| Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. | ||||
| CVE-2025-3771 | 1 Trellix | 1 System Information Reporter | 2026-02-11 | 7.1 High |
| A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces | ||||
| CVE-2025-52868 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-11 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||
| CVE-2025-48725 | 2 Qnap, Qnap Systems | 3 Qts, Quts Hero, Quts Hero | 2026-02-11 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later | ||||
| CVE-2025-48724 | 2 Qnap, Qnap Systems | 2 Qsync Central, Qsync Central | 2026-02-11 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | ||||