Search
Search Results (331944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21720 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-07 | 7.5 High |
| Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems. | ||||
| CVE-2026-21643 | 1 Fortinet | 1 Forticlientems | 2026-02-07 | 9.1 Critical |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2026-0106 | 1 Google | 1 Android | 2026-02-07 | 9.3 Critical |
| In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-24302 | 1 Microsoft | 1 Azure Arc | 2026-02-07 | 8.6 High |
| Azure Arc Elevation of Privilege Vulnerability | ||||
| CVE-2026-24300 | 1 Microsoft | 1 Azure Front Door | 2026-02-07 | 9.8 Critical |
| Azure Front Door Elevation of Privilege Vulnerability | ||||
| CVE-2025-15566 | 1 Kubernetes | 1 Ingress-nginx | 2026-02-07 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2026-25845 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25844 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25843 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25842 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25841 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25840 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25839 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25838 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2026-25837 | 2026-02-07 | N/A | ||
| Not used | ||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 29 Discovery, Enterprise Linux, Enterprise Linux Eus and 26 more | 2026-02-06 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2023-6763 | 2026-02-06 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-15320 | 1 Tanium | 1 Client | 2026-02-06 | 3.3 Low |
| Tanium addressed a denial of service vulnerability in Tanium Client. | ||||
| CVE-2023-53546 | 1 Linux | 1 Linux Kernel | 2026-02-06 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx when mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5_cmd_exec. | ||||
| CVE-2025-68138 | 2 Everest, Linuxfoundation | 2 Everest-core, Libocpp | 2026-02-06 | 4.7 Medium |
| EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue. | ||||