Export limit exceeded: 356074 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356074 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53156 | 1 Microsoft | 9 Server, Windows, Windows 11 24h2 and 6 more | 2026-02-13 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53136 | 1 Microsoft | 26 Windows, Windows 10 1507, Windows 10 1607 and 23 more | 2026-02-13 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53134 | 1 Microsoft | 29 Windows, Windows 10, Windows 10 1507 and 26 more | 2026-02-13 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50154 | 1 Microsoft | 27 Windows, Windows 10 1507, Windows 10 1607 and 24 more | 2026-02-13 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-53781 | 1 Microsoft | 34 Dcadsv5 Series Azure Vm, Dcasv5 Series Azure Vm, Dcedsv5 Series Azure Vm and 31 more | 2026-02-13 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-33051 | 1 Microsoft | 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more | 2026-02-13 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-12784 | 1 Hp | 135 7kw48a, 7kw48a Firmware, 7kw49a and 132 more | 2026-02-13 | 4.9 Medium |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | ||||
| CVE-2025-12785 | 1 Hp | 137 7kw48a, 7kw48a Firmware, 7kw49a and 134 more | 2026-02-13 | 7.5 High |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | ||||
| CVE-2025-54373 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-02-12 | 6.5 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue. | ||||
| CVE-2025-67399 | 1 Airth | 1 Smart Home Aqi Monitor Bootloader | 2026-02-12 | 4.6 Medium |
| An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access | ||||
| CVE-2025-52026 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-12 | 7.5 High |
| An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. | ||||
| CVE-2025-67274 | 1 Continuous.software | 1 Aangine | 2026-02-12 | 7.5 High |
| An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints | ||||
| CVE-2025-68686 | 1 Fortinet | 1 Fortios | 2026-02-12 | 5.3 Medium |
| An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level. | ||||
| CVE-2024-38030 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2026-02-10 | 6.5 Medium |
| Windows Themes Spoofing Vulnerability | ||||
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2026-02-10 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2024-38017 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 5.5 Medium |
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2024-38041 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2026-02-10 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-30081 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.1 High |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2020-37114 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-10 | 4.3 Medium |
| GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization. | ||||
| CVE-2025-70963 | 1 Getgophish | 1 Gophish | 2026-02-10 | 7.6 High |
| Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context. | ||||