Export limit exceeded: 10647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24834 | 1 Katacontainers | 2 Kata-containers, Kata Containers | 2026-02-23 | 9.4 Critical |
| Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue. | ||||
| CVE-2026-2861 | 1 Foswiki | 1 Foswiki | 2026-02-23 | 5.3 Medium |
| A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended. | ||||
| CVE-2025-70833 | 1 Pocketmanga | 1 Smanga | 2026-02-23 | 9.4 Critical |
| An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php. | ||||
| CVE-2025-15582 | 1 Detronetdip | 1 E-commerce | 2026-02-23 | 5.4 Medium |
| A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2025-41023 | 1 Thesamur | 1 Autogpt | 2026-02-23 | N/A |
| An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used. | ||||
| CVE-2026-1568 | 1 Rapid7 | 1 Insightvm | 2026-02-23 | 9.6 Critical |
| Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The issue occurs due to the application processing these unsigned assertions and issuing session cookies that granted access to the targeted user accounts. This has been fixed in version 8.34.0 of InsightVM. | ||||
| CVE-2026-21535 | 1 Microsoft | 1 Teams | 2026-02-23 | 8.2 High |
| Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2020-16910 | 1 Microsoft | 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more | 2026-02-23 | 6.2 Medium |
| <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | ||||
| CVE-2020-16222 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2026-02-23 | 8.8 High |
| In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||||
| CVE-2026-2974 | 1 Aliasvault | 1 Aliasvault | 2026-02-23 | 2.5 Low |
| A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/key_derivation_params/auth_methods leads to exposure of backup file to an unauthorized control sphere. An attack has to be approached locally. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading to version 0.26.0 is able to resolve this issue. The identifier of the patch is 873ecc03f92238e162f98a068ad56069a922b4f6/0bd662320174d8265dfe3b05a04bc13efc960532. It is recommended to upgrade the affected component. The creator of the software explains: "Because of AliasVault's zero-knowledge encryption design, the tokens stored in aliasvault.xml are API session tokens that cannot decrypt the vault on their own: the master password is required for that. So while this isn't a direct vault compromise risk, there's no reason to include them in backups either." | ||||
| CVE-2026-26119 | 1 Microsoft | 1 Windows Admin Center | 2026-02-23 | 8.8 High |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21238 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-02-23 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-23 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-23 | 9.8 Critical |
| Azure Front Door Elevation of Privilege Vulnerability | ||||
| CVE-2019-2386 | 1 Mongodb | 1 Mongodb | 2026-02-23 | 7.1 High |
| After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts. | ||||
| CVE-2026-21627 | 1 Tassos.gr | 6 Advanced Custom Fields, Convert Forms, Engagebox and 3 more | 2026-02-23 | N/A |
| The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction. | ||||
| CVE-2025-67998 | 2 Kamleshyadav, Wordpress | 2 Miraculous Elementor, Wordpress | 2026-02-23 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. | ||||
| CVE-2025-68895 | 2 Ahachat, Wordpress | 2 Ahachat Messenger Marketing, Wordpress | 2026-02-23 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1. | ||||
| CVE-2026-2850 | 1 Yeqifu | 1 Warehouse | 2026-02-23 | 6.3 Medium |
| A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2851 | 1 Yeqifu | 1 Warehouse | 2026-02-23 | 6.3 Medium |
| A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||