Export limit exceeded: 74480 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74480 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27692 | 2026-02-25 | 7.1 High | ||
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available. | ||||
| CVE-2025-65715 | 1 Formulahendry | 2 Coderunner, Vscode-code-runner | 2026-02-25 | 7.8 High |
| An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace. | ||||
| CVE-2026-25649 | 1 Traccar | 1 Traccar | 2026-02-25 | 7.3 High |
| Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The `redirect_uri` parameter is not validated against a whitelist, allowing attackers to redirect authorization codes to attacker-controlled URLs, enabling account takeover on any OAuth-integrated application. As of time of publication, it is unclear whether a fix is available. | ||||
| CVE-2026-27696 | 1 Dgtlmoon | 1 Changedetection.io | 2026-02-25 | 8.6 High |
| changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI — enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue. | ||||
| CVE-2026-22383 | 2 Mikado-themes, Wordpress | 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress | 2026-02-25 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-70328 | 1 Totolink | 1 X6000r | 2026-02-25 | 8.8 High |
| TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters. | ||||
| CVE-2025-70058 | 1 Ymfe | 1 Yapi | 2026-02-25 | 7.4 High |
| An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests | ||||
| CVE-2025-69674 | 1 Cdatatec | 1 Fd614gs3-r850 | 2026-02-25 | 8.8 High |
| Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules | ||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2026-02-25 | 8.8 High |
| SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2026-27195 | 1 Bytecodealliance | 1 Wasmtime | 2026-02-25 | 7.5 High |
| Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However, that implementation had a bug leading to a panic under certain circumstances: First, the host embedding calls `[Typed]Func::call_async` on a function exported by a component, polling the returned `Future` once. Second, the component function yields control to the async runtime (e.g. Tokio), e.g. due to a call to host function registered using `LinkerInstance::func_wrap_async` which yields, or due an epoch interruption. Third, the host embedding drops the `Future` after polling it once. This leaves the component instance in a non-reenterable state since the call never had a chance to complete. Fourth, the host embedding calls `[Typed]Func::call_async` again, polling the returned `Future`. Since the component instance cannot be entered at this point, the call traps, but not before allocating a task and thread for the call. Fifth, the host embedding ignores the trap and drops the `Future`. This panics due to the runtime attempting to dispose of the task created above, which panics since the thread has not yet exited. When a host embedder using the affected versions of Wasmtime calls `wasmtime::component::[Typed]Func::call_async` on a guest export and then drops the returned future without waiting for it to resolve, and then does so again with the same component instance, Wasmtime will panic. Embeddings that have the `component-model-async` compile-time feature disabled are unaffected. Wasmtime 40.0.4 and 41.0.4 have been patched to fix this issue. Versions 42.0.0 and later are not affected. If an embedding is not actually using any component-model-async features then disabling the `component-model-async` Cargo feature can work around this issue. This issue can also be worked around by either ensuring every `call_async` future is awaited until it completes or refraining from using the `Store` again after dropping a not-yet-resolved `call_async` future. | ||||
| CVE-2026-25545 | 2 Astro, Withastro | 2 \@astrojs\/node, Astro | 2026-02-25 | 8.6 High |
| Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (eg. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, it will be fetched on `/500.html` and they can redirect this to any internal URL to read the response body through the first request. An attacker who can access the application without `Host:` header validation (eg. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost. For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies). Version 9.5.4 fixes the issue. | ||||
| CVE-2022-2845 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-02-25 | 7.8 High |
| Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | ||||
| CVE-2022-2824 | 1 Open-emr | 1 Openemr | 2026-02-25 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2820 | 1 Namelessmc | 1 Nameless | 2026-02-25 | 7 High |
| Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. | ||||
| CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2026-02-25 | 8.3 High |
| Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2026-02-25 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | ||||
| CVE-2022-2054 | 1 Nuitka | 1 Nuitka | 2026-02-25 | 8.4 High |
| Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | ||||
| CVE-2026-25648 | 1 Traccar | 1 Traccar | 2026-02-25 | 8.7 High |
| Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by uploading malicious SVG files as device images. The application accepts SVG file uploads without sanitization and serves them with the `image/svg+xml` Content-Type, allowing embedded JavaScript to execute when victims view the image. As of time of publication, it is unclear whether a fix is available. | ||||
| CVE-2022-28773 | 1 Sap | 2 Netweaver, Web Dispatcher | 2026-02-25 | 7.5 High |
| Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | ||||
| CVE-2022-28771 | 1 Sap | 1 Business One License Service Api | 2026-02-25 | 7.5 High |
| Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible. | ||||