Export limit exceeded: 10780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1736 | 1 Open5gs | 1 Open5gs | 2026-02-23 | 5.3 Medium |
| A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed. | ||||
| CVE-2026-1733 | 2 Crmeb, Zhongbangkeji | 2 Crmeb, Crmeb | 2026-02-23 | 4.3 Medium |
| A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15422 | 2 Empiresoft, Phome | 2 Empirecms, Empirecms | 2026-02-23 | 5.3 Medium |
| A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-1187 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2026-02-20 | 5.5 Medium |
| A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | ||||
| CVE-2019-1057 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2026-02-20 | 7.5 High |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input. | ||||
| CVE-2025-36376 | 1 Ibm | 1 Security Qradar Edr | 2026-02-20 | 6.3 Medium |
| IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-65519 | 1 Mayswind | 1 Ezbookkeeping | 2026-02-20 | 6.5 Medium |
| mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability. | ||||
| CVE-2025-43724 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 4.4 Medium |
| Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares. | ||||
| CVE-2024-49602 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.5 Medium |
| Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-49603 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 4.3 Medium |
| Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-44288 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 7.5 High |
| Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-44295 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.3 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. | ||||
| CVE-2024-39578 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.3 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | ||||
| CVE-2023-32493 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 7.3 High |
| Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | ||||
| CVE-2024-25952 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | ||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6 Medium |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | ||||
| CVE-2024-25954 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.3 Medium |
| Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2025-36377 | 1 Ibm | 2 Qradar Edr, Security Qradar Edr | 2026-02-20 | 6.3 Medium |
| IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2020-37158 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-20 | 5.3 Medium |
| AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication. | ||||
| CVE-2025-54917 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-20 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||