Search Results (8472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38023 | 1 Microsoft | 1 Sharepoint Server | 2026-02-10 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-38022 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 7 High |
| Windows Image Acquisition Elevation of Privilege Vulnerability | ||||
| CVE-2024-38013 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 6.7 Medium |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | ||||
| CVE-2025-10492 | 2 Cloud, Jaspersoft | 6 Jasperreports Io, Jasperreports Library, Jasperreports Server and 3 more | 2026-02-10 | 9.8 Critical |
| A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library. | ||||
| CVE-2025-56230 | 1 Tencent | 2 Docs, Docs Desktop | 2026-02-10 | 7.5 High |
| Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. | ||||
| CVE-2025-15328 | 2 Enforce, Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 5 Medium |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. | ||||
| CVE-2025-15324 | 1 Tanium | 2 Engage, Service Engage | 2026-02-10 | 6.6 Medium |
| Tanium addressed a documentation issue in Engage. | ||||
| CVE-2025-15332 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.9 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-58741 | 1 Milner | 1 Imagedirector Capture | 2026-02-10 | 7.5 High |
| Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808. | ||||
| CVE-2025-58742 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | 5.9 Medium |
| Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808. | ||||
| CVE-2025-61140 | 1 Dchester | 1 Jsonpath | 2026-02-09 | 9.8 Critical |
| The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. | ||||
| CVE-2025-62157 | 1 Argoproj | 2 Argo-workflows, Argo Workflows | 2026-02-06 | 6.5 Medium |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist. | ||||
| CVE-2025-56005 | 2 Dabeaz, Python | 2 Ply, Ply | 2026-02-06 | 9.8 Critical |
| An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully. | ||||
| CVE-2025-27452 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | 5.3 Medium |
| The configuration of the Apache httpd webserver that serves the MEAC300-FNADE4 web application is partly insecure. Modules are activated that are not required for the operation of the FNADE4 web application. The functionality of some modules, which enable directory listing, poses a risk to the webserver. | ||||
| CVE-2025-69581 | 1 Chamilo | 2 Chamilo, Chamilo Lms | 2026-02-05 | 5.5 Medium |
| An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks. | ||||
| CVE-2025-13225 | 1 Tanium | 1 Tanos | 2026-02-05 | 5.6 Medium |
| Tanium addressed an arbitrary file deletion vulnerability in TanOS. | ||||
| CVE-2025-63617 | 2 Alibaba, Kutangguo | 2 Fastjson, Ktg-mes | 2026-02-05 | 6.5 Medium |
| ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data. | ||||
| CVE-2025-13187 | 1 Intelbras | 3 Icip, Icip 30, Icip 30 Firmware | 2026-02-04 | 5.3 Medium |
| A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2018-20834 | 2 Isaacs, Redhat | 2 Tar, Rhel Software Collections | 2026-02-04 | N/A |
| A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2. | ||||
| CVE-2025-48780 | 1 Scshr | 1 Hr Portal | 2026-02-04 | 9.8 Critical |
| A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object. | ||||