Search
Search Results (332545 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23368 | 1 Redhat | 10 Build Keycloak, Data Grid, Integration and 7 more | 2026-02-11 | 8.1 High |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | ||||
| CVE-2025-4404 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-02-11 | 9.1 Critical |
| A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | ||||
| CVE-2025-25207 | 1 Redhat | 1 Connectivity Link | 2026-02-11 | 5.7 Medium |
| The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks. | ||||
| CVE-2026-2366 | 2026-02-11 | 3.1 Low | ||
| No description is available for this CVE. | ||||
| CVE-2025-0875 | 2026-02-11 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328. | ||||
| CVE-2024-4259 | 2 Sambas, Sampas Holding | 2 Akos, Akos | 2026-02-11 | 9.8 Critical |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | ||||
| CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2026-02-11 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023. | ||||
| CVE-2026-26044 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26043 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26042 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26041 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26040 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26039 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26038 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26037 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-26036 | 2026-02-11 | N/A | ||
| Not used | ||||
| CVE-2026-21349 | 1 Adobe | 1 Lightroom Desktop | 2026-02-11 | 7.8 High |
| Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30513 | 1 Intel | 1 Tdx Module | 2026-02-11 | 7.9 High |
| Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-62676 | 1 Fortinet | 1 Forticlientwindows | 2026-02-11 | 6.4 Medium |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. | ||||
| CVE-2026-22153 | 1 Fortinet | 1 Fortios | 2026-02-11 | 7.5 High |
| An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. | ||||