Search
Search Results (331785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21643 | 1 Fortinet | 1 Forticlientems | 2026-02-07 | 9.1 Critical |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-07 | 9.3 Critical |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-07 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-07 | 9.8 Critical |
| Azure Front Door Elevation of Privilege Vulnerability | ||||
| CVE-2025-15566 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-07 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2026-25845 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25844 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25843 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25842 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25841 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25840 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25839 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25838 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25837 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 29 Discovery, Enterprise Linux, Enterprise Linux Eus and 26 more | 2026-02-06 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2023-6763 | 2026-02-06 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-15320 | 1 Tanium | 1 Client | 2026-02-06 | 3.3 Low |
| Tanium addressed a denial of service vulnerability in Tanium Client. | ||||
| CVE-2023-53546 | 1 Linux | 1 Linux Kernel | 2026-02-06 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx when mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5_cmd_exec. | ||||
| CVE-2025-68138 | 2 Everest, Linuxfoundation | 2 Everest-core, Libocpp | 2026-02-06 | 4.7 Medium |
| EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue. | ||||
| CVE-2025-68139 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-02-06 | 4.3 Medium |
| EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the module are logged but do not trigger countermeasures such as session and connection reset or termination. This could be abused by a malicious user in order to exploit other weaknesses or vulnerabilities. While the default will stay at the setting that is described as potentially problematic in this reported issue, a mitigation is available by changing the `terminate_connection_on_failed_response` setting to `true`. However this cannot be set to this value by default since it can trigger errors in vehicle ECUs requiring ECU resets and lengthy unavailability in charging for vehicles. The maintainers judge this to be a much more important workaround then short-term unavailability of an EVSE, therefore this setting will stay at the current value. | ||||