Search
Search Results (332956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4404 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-02-11 | 9.1 Critical |
| A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | ||||
| CVE-2025-25207 | 1 Redhat | 1 Connectivity Link | 2026-02-11 | 5.7 Medium |
| The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks. | ||||
| CVE-2026-2366 | 2026-02-11 | 3.1 Low | ||
| No description is available for this CVE. | ||||
| CVE-2025-0875 | 2026-02-11 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328. | ||||
| CVE-2024-4259 | 2 Sambas, Sampas Holding | 2 Akos, Akos | 2026-02-11 | 9.8 Critical |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | ||||
| CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2026-02-11 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023. | ||||
| CVE-2026-26044 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26043 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26042 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26041 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26040 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26039 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26038 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26037 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26036 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-21349 | 1 Adobe | 1 Lightroom Desktop | 2026-02-11 | 7.8 High |
| Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30513 | 1 Intel | 1 Tdx Module | 2026-02-11 | 7.9 High |
| Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-11142 | 1 Axis Communications Ab | 1 Axis Os | 2026-02-11 | 7.1 High |
| The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | ||||
| CVE-2026-0508 | 1 Sap Se | 1 Sap Business Objects Business Intgelligence Platform | 2026-02-11 | 7.3 High |
| The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequently download the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application. | ||||
| CVE-2025-11547 | 1 Axis Communications Ab | 1 Axis Camera Station Pro | 2026-02-11 | 7.8 High |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | ||||