Export limit exceeded: 340448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 76547 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76547 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1294 | 2 Bplugins, Wordpress | 2 All In One Image Viewer Block – Gutenberg Block To Create Image Viewer With Hyperlink, Wordpress | 2026-02-06 | 7.2 High |
| The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2026-23572 | 1 Teamviewer | 3 Full Client, Host, Teamviewer | 2026-02-06 | 7.2 High |
| Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to local confirmation. The user needs to be authenticated for the remote session via ID/password, Session Link, or Easy Access as a prerequisite to exploit this vulnerability. | ||||
| CVE-2020-37139 | 1 Odin-secure-ftp-expert | 1 Odin Secure Ftp Expert | 2026-02-06 | 8.4 High |
| Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash. | ||||
| CVE-2020-37143 | 1 Ge Intelligent Platforms | 1 Proficyscada For Ios | 2026-02-06 | 7.5 High |
| ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication. | ||||
| CVE-2020-37136 | 1 Emtec | 1 Zoc Terminal | 2026-02-06 | 7.5 High |
| ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files. | ||||
| CVE-2026-1010 | 1 Altium | 2 Altium 365, On-prem Enterprise Server | 2026-02-05 | 8 High |
| A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions. | ||||
| CVE-2025-66648 | 2 Vega-functions Project, Vega Project | 2 Vega-functions, Vega-functions | 2026-02-05 | 7.2 High |
| vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). This issue is fixed in vega-functions `6.1.1`. There is no workaround besides upgrading. Using `vega.expressionInterpreter` as described in CSP safe mode does not prevent this issue. | ||||
| CVE-2025-59467 | 2 Ubiquiti, Ui | 2 Ucrm Argentina Afip Invoices Plugin, Argentina Afip Invoices | 2026-02-05 | 7.5 High |
| A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later. | ||||
| CVE-2026-22771 | 1 Envoyproxy | 1 Gateway | 2026-02-05 | 8.8 High |
| Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulnerability is fixed in 1.5.7 and 1.6.2. | ||||
| CVE-2026-22777 | 1 Comfy | 2 Comfyui, Comfyui-manager | 2026-02-05 | 7.5 High |
| ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5. | ||||
| CVE-2026-22704 | 2 Haxtheweb, Psu | 2 Hax, Haxcms-nodejs | 2026-02-05 | 8.1 High |
| HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0. | ||||
| CVE-2026-25056 | 1 N8n | 1 N8n | 2026-02-05 | 8.8 High |
| n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0. | ||||
| CVE-2026-25055 | 1 N8n | 1 N8n | 2026-02-05 | 8.1 High |
| n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0. | ||||
| CVE-2025-66698 | 2 Semantic, Semantic-machines | 2 Machines, Veda | 2026-02-05 | 8.6 High |
| An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. | ||||
| CVE-2025-5914 | 2 Libarchive, Redhat | 19 Libarchive, Cert Manager, Confidential Compute Attestation and 16 more | 2026-02-05 | 7.8 High |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | ||||
| CVE-2025-71063 | 1 Mrvladus | 1 Errands | 2026-02-05 | 8.2 High |
| Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. | ||||
| CVE-2026-21452 | 1 Msgpack | 2 Messagepack, Msgpack | 2026-02-05 | 7.5 High |
| MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later trusts the declared EXT payload length when materializing the extension data. When ExtensionValue.getData() is invoked, the library attempts to allocate a byte array of the declared length without enforcing any upper bound. A malicious .msgpack file of only a few bytes can therefore trigger unbounded heap allocation, resulting in JVM heap exhaustion, process termination, or service unavailability. This vulnerability is triggered during model loading / deserialization, making it a model format vulnerability suitable for remote exploitation. The vulnerability enables a remote denial-of-service attack against applications that deserialize untrusted .msgpack model files using MessagePack for Java. A specially crafted but syntactically valid .msgpack file containing an EXT32 object with an attacker-controlled, excessively large payload length can trigger unbounded memory allocation during deserialization. When the model file is loaded, the library trusts the declared length metadata and attempts to allocate a byte array of that size, leading to rapid heap exhaustion, excessive garbage collection, or immediate JVM termination with an OutOfMemoryError. The attack requires no malformed bytes, user interaction, or elevated privileges and can be exploited remotely in real-world environments such as model registries, inference services, CI/CD pipelines, and cloud-based model hosting platforms that accept or fetch .msgpack artifacts. Because the malicious file is extremely small yet valid, it can bypass basic validation and scanning mechanisms, resulting in complete service unavailability and potential cascading failures in production systems. Version 0.9.11 fixes the vulnerability. | ||||
| CVE-2025-62842 | 2 Qnap, Qnap Systems Inc. | 2 Hybrid Backup Sync, Hbs 3 Hybrid Backup Sync | 2026-02-05 | 7.8 High |
| An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later | ||||
| CVE-2026-23846 | 1 Quenary | 1 Tugtainer | 2026-02-05 | 8.1 High |
| Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue. | ||||
| CVE-2024-10930 | 1 Carrier | 1 Block Load | 2026-02-05 | 7.8 High |
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | ||||