Search Results (336518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25486 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not properly sanitized before being displayed in the admin panel. This issue has been patched in version 5.5.2. | ||||
| CVE-2026-24926 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 8.4 High |
| Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24925 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 7.3 High |
| Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-25487 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-24923 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 6.3 Medium |
| Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-25488 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories (Name & Description) fields in the Store Management section are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-24922 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 6.9 Medium |
| Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-25489 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Name & Description fields in Tax Zones are not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-25490 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 4.8 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in Inventory Locations is not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2025-15325 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.3 Medium |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2026-24921 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 4.8 Medium |
| Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2025-15342 | 1 Tanium | 2 Reputation, Service Reputation | 2026-02-10 | 4.3 Medium |
| Tanium addressed an improper access controls vulnerability in Reputation. | ||||
| CVE-2026-24919 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6 Medium |
| Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24918 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6.8 Medium |
| Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24917 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | 6.5 Medium |
| UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24916 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 5.9 Medium |
| Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-25483 | 1 Craftcms | 2 Commerce, Craft Commerce | 2026-02-10 | 5.4 Medium |
| Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions (which do not require an elevated session), an attacker can exfiltrate the entire database, including all user credentials, customer PII, order history, and 2FA recovery codes. This issue has been patched in versions 4.10.1 and 5.5.2. | ||||
| CVE-2026-24915 | 1 Huawei | 1 Harmonyos | 2026-02-10 | 6.2 Medium |
| Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||