Search
Search Results (333022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2534 | 2026-02-16 | 6.3 Medium | ||
| A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2574 | 2026-02-16 | 5.4 Medium | ||
| A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory. | ||||
| CVE-2026-2516 | 2026-02-15 | 7 High | ||
| A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-23766 | 1 Istio | 1 Istio | 2026-02-14 | 3.3 Low |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2026-1731 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2026-02-14 | N/A |
| BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | ||||
| CVE-2026-2469 | 2026-02-14 | 7.6 High | ||
| Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters " or CRLF sequences \r\n in the input. | ||||
| CVE-2025-69634 | 1 Dolibarr | 1 Dolibarr | 2026-02-14 | 9 Critical |
| Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user. | ||||
| CVE-2026-2441 | 1 Google | 1 Chrome | 2026-02-14 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-26303 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26302 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26301 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26300 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26299 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26298 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26297 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26296 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26295 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2025-9293 | 2 Tp-link, Tp Link | 14 Aginet App, Deco App, Festa App and 11 more | 2026-02-13 | N/A |
| A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. | ||||
| CVE-2025-9292 | 1 Tp-link | 1 Omada Cloud Controller | 2026-02-13 | N/A |
| A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required. | ||||
| CVE-2025-55338 | 1 Microsoft | 26 Bitlocker, Windows, Windows 10 and 23 more | 2026-02-13 | 6.1 Medium |
| Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||