Export limit exceeded: 76071 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76071 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47544 | 1 Atarim | 1 Atarim | 2026-02-18 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | ||||
| CVE-2023-31979 | 1 Fossies | 1 Catdoc | 2026-02-18 | 7.8 High |
| Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. | ||||
| CVE-2024-54028 | 3 Catdoc, Debian, Fossies | 3 Catdoc, Debian Linux, Catdoc | 2026-02-18 | 8.4 High |
| An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-52035 | 3 Catdoc, Debian, Fossies | 3 Catdoc, Debian Linux, Catdoc | 2026-02-18 | 8.4 High |
| An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-59886 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2026-02-18 | 8.8 High |
| Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates. | ||||
| CVE-2025-67450 | 1 Eaton | 1 Ups Companion | 2026-02-18 | 7.8 High |
| Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | ||||
| CVE-2025-59887 | 1 Eaton | 1 Ups Companion | 2026-02-18 | 8.6 High |
| Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | ||||
| CVE-2026-22235 | 2 Opexus, Opexustech | 2 Ecomplaint, Ecase Ecomplaint | 2026-02-18 | 7.5 High |
| OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files. | ||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-02-18 | 7.2 High |
| ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | ||||
| CVE-2008-0015 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-02-18 | 8.8 High |
| Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | ||||
| CVE-2025-65128 | 1 Shenzhen Zhibotong Electronics | 1 Zbt We2001 | 2026-02-17 | 8.1 High |
| A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session. | ||||
| CVE-2026-24135 | 1 Gogs | 1 Gogs | 2026-02-17 | 8.1 High |
| Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev. | ||||
| CVE-2026-25635 | 2 Calibre-ebook, Kovidgoyal | 2 Calibre, Calibre | 2026-02-17 | 8.6 High |
| calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0. | ||||
| CVE-2026-25636 | 2 Calibre-ebook, Kovidgoyal | 2 Calibre, Calibre | 2026-02-17 | 8.2 High |
| calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0. | ||||
| CVE-2026-25731 | 2 Calibre-ebook, Kovidgoyal | 2 Calibre, Calibre | 2026-02-17 | 7.8 High |
| calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0. | ||||
| CVE-2026-24486 | 2 Fastapiexpert, Kludex | 2 Python-multipart, Python-multipart | 2026-02-17 | 8.6 High |
| Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations. | ||||
| CVE-2026-20628 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-02-17 | 7.1 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox. | ||||
| CVE-2020-37200 | 1 Nsasoft | 2 Netsharewatcher, Nsauditor Netsharewatcher | 2026-02-17 | 7.5 High |
| NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. | ||||
| CVE-2021-47723 | 1 Stvs | 1 Provision | 2026-02-17 | 8.8 High |
| STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users. | ||||
| CVE-2026-24490 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2026-02-17 | 8.1 High |
| MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The `android:host` attribute from `<data android:scheme="android_secret_code">` elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover. Version 4.4.5 fixes the issue. | ||||