Search
Search Results (332828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1837 | 1 Google | 1 Libjxl | 2026-02-13 | 8.8 High |
| A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags). | ||||
| CVE-2026-23856 | 1 Dell | 1 Idrac Service Module | 2026-02-13 | 7.8 High |
| Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2026-20626 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-02-13 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges. | ||||
| CVE-2026-23857 | 1 Dell | 1 Update Package | 2026-02-13 | 8.2 High |
| Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-41117 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-13 | 6.8 Medium |
| Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever. | ||||
| CVE-2026-26257 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26256 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26255 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26254 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26253 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26252 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26251 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26250 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26249 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-20663 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-02-12 | 3.3 Low |
| The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2025-64074 | 1 Shenzhen Zhibotong Electronics | 1 Zbt We2001 | 2026-02-12 | 5.3 Medium |
| A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value. | ||||
| CVE-2024-50618 | 1 Cipplanner | 1 Cipace | 2026-02-12 | 4.3 Medium |
| A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the secret in a single-factor authentication scheme gets compromised. | ||||
| CVE-2024-26479 | 1 Statping-ng | 1 Statping-ng | 2026-02-12 | 5.3 Medium |
| An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. | ||||
| CVE-2024-26478 | 1 Statping-ng | 1 Statping-ng | 2026-02-12 | 5.3 Medium |
| An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. | ||||
| CVE-2024-26477 | 1 Statping-ng | 1 Statping-ng | 2026-02-12 | 7.5 High |
| An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. | ||||