Export limit exceeded: 76418 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76418 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70758 | 1 Chetans9 | 1 Core-php-admin-panel | 2026-02-11 | 7.5 High |
| chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database. | ||||
| CVE-2025-69983 | 1 Frangoteam | 1 Fuxa | 2026-02-11 | 8.2 High |
| FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise. | ||||
| CVE-2025-69981 | 1 Frangoteam | 1 Fuxa | 2026-02-11 | 7.5 High |
| FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code. | ||||
| CVE-2026-23720 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-02-11 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-24343 | 1 Apache | 1 Hertzbeat | 2026-02-11 | 8.8 High |
| Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | ||||
| CVE-2025-69875 | 1 Quickheal | 1 Total Security | 2026-02-11 | 7.8 High |
| A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation. | ||||
| CVE-2025-63057 | 2 Roxnor, Wordpress | 2 Wp Ultimate Review, Wordpress | 2026-02-11 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. | ||||
| CVE-2025-63062 | 1 Wordpress | 1 Wordpress | 2026-02-11 | 7.6 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0. | ||||
| CVE-2026-25611 | 1 Mongodb | 1 Mongodb | 2026-02-11 | 7.5 High |
| A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. | ||||
| CVE-2025-21427 | 1 Qualcomm | 358 205 Mobile, 205 Mobile Firmware, 215 Mobile and 355 more | 2026-02-11 | 8.2 High |
| Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network. | ||||
| CVE-2024-30098 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-02-10 | 7.5 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2026-02-10 | 8.1 High |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-38094 | 1 Microsoft | 1 Sharepoint Server | 2026-02-10 | 7.2 High |
| Microsoft SharePoint Remote Code Execution Vulnerability | ||||
| CVE-2024-38079 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2024-38078 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 3 more | 2026-02-10 | 7.5 High |
| Xbox Wireless Adapter Remote Code Execution Vulnerability | ||||
| CVE-2024-38073 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-02-10 | 7.5 High |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | ||||
| CVE-2024-38070 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 7.8 High |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
| CVE-2024-38069 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2026-02-10 | 7 High |
| Windows Enroll Engine Security Feature Bypass Vulnerability | ||||
| CVE-2024-38068 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.5 High |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | ||||
| CVE-2024-38067 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-02-10 | 7.5 High |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | ||||