Search
Search Results (333226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2026-02-18 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | ||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-02-18 | 7.2 High |
| ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | ||||
| CVE-2026-26190 | 1 Milvus | 1 Milvus | 2026-02-18 | 9.8 Critical |
| Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10. | ||||
| CVE-2026-1335 | 1 Dassault Systèmes | 1 Solidworks Edrawings | 2026-02-18 | 7.8 High |
| An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2026-1334 | 1 Dassault Systemes | 1 Solidworks Edrawings | 2026-02-18 | 7.8 High |
| An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2026-1333 | 1 Dassault Systemes | 1 Solidworks Edrawings | 2026-02-18 | 7.8 High |
| A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | ||||
| CVE-2026-2441 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-18 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-27171 | 1 Zlib | 1 Zlib | 2026-02-18 | 2.9 Low |
| zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | ||||
| CVE-2026-27038 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27037 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27036 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27035 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27034 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27033 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27032 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-27031 | 2026-02-18 | N/A | ||
| Not used | ||||
| CVE-2026-23599 | 2026-02-18 | 7.8 High | ||
| A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||||
| CVE-2026-22048 | 2026-02-18 | 7.1 High | ||
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated attacker with low privileges to delete configuration data or deny access to some resources. | ||||
| CVE-2026-1344 | 1 Tanium | 1 Service Enforce Recovery-key-portal | 2026-02-18 | 6.5 Medium |
| Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | ||||
| CVE-2026-2570 | 2026-02-17 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||