Search
Search Results (331812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22613 | 2026-02-09 | 5.7 Medium | ||
| The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the Eaton download center. | ||||
| CVE-2025-48393 | 1 Eaton | 1 G4 Pdu | 2026-02-09 | 5.7 Medium |
| The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton download center. | ||||
| CVE-2025-27234 | 1 Zabbix | 4 Zabbix, Zabbix-agent, Zabbix-agent2 and 1 more | 2026-02-08 | N/A |
| Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution. | ||||
| CVE-2025-41115 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-07 | 10 Critical |
| SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met: - `enableSCIM` feature flag set to true - `user_sync_enabled` config option in the `[auth.scim]` block set to true | ||||
| CVE-2026-21721 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-07 | 8.1 High |
| The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation. | ||||
| CVE-2026-21720 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-07 | 7.5 High |
| Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems. | ||||
| CVE-2026-21643 | 1 Fortinet | 1 Forticlientems | 2026-02-07 | 9.1 Critical |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-07 | 9.3 Critical |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-07 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-07 | 9.8 Critical |
| Azure Front Door Elevation of Privilege Vulnerability | ||||
| CVE-2025-15566 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-07 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2026-25845 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25844 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25843 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25842 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25841 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25840 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25839 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25838 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25837 | 2026-02-07 | N/A | ||
| Not used | ||||