Export limit exceeded: 335260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2026-02-18 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | ||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-02-18 | 7.2 High |
| ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | ||||
| CVE-2025-41350 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 5.4 Medium |
| Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
| CVE-2025-41349 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 5.4 Medium |
| Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
| CVE-2025-41348 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 9.8 Critical |
| SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'. | ||||
| CVE-2025-41347 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 9.8 Critical |
| Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'. | ||||
| CVE-2025-41346 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 9.8 Critical |
| Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application. | ||||
| CVE-2026-2625 | 1 Rust-rpm-sequoia | 1 Rust-rpm-sequoia | 2026-02-18 | 4.0 Medium |
| No description is available for this CVE. | ||||
| CVE-2026-25421 | 2026-02-18 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE. | ||||
| CVE-2008-0015 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-02-18 | 8.8 High |
| Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | ||||
| CVE-2026-27038 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27037 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27036 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27035 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27034 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27033 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27032 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27031 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-2570 | 2026-02-17 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-65128 | 1 Shenzhen Zhibotong Electronics | 1 Zbt We2001 | 2026-02-17 | 8.1 High |
| A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session. | ||||