Export limit exceeded: 363519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69201 | 1 Quenary | 1 Tugtainer | 2026-02-20 | 9.8 Critical |
| Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes the issue. | ||||
| CVE-2025-36348 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-02-20 | 4.9 Medium |
| IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser. | ||||
| CVE-2025-65036 | 2 Xwiki, Xwikisas | 2 Pro Macros, Xwiki-pro-macros | 2026-02-20 | 8.3 High |
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1. | ||||
| CVE-2025-13333 | 1 Ibm | 1 Websphere Application Server | 2026-02-20 | 4.4 Medium |
| IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | ||||
| CVE-2020-37100 | 2 Flexense, Syncbreeze | 2 Syncbreeze, Sync Breeze | 2026-02-20 | 7.8 High |
| Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process. | ||||
| CVE-2020-37158 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-20 | 5.3 Medium |
| AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication. | ||||
| CVE-2021-44228 | 13 Apache, Apple, Bentley and 10 more | 177 Log4j, Xcode, Synchro and 174 more | 2026-02-20 | 10 Critical |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | ||||
| CVE-2025-47963 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | 6.3 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47964 | 1 Microsoft | 2 Edge, Edge Chromium | 2026-02-20 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2025-47182 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | 5.6 Medium |
| Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2025-47977 | 1 Microsoft | 1 Nuance Digital Engagement Platform | 2026-02-20 | 8.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47959 | 1 Microsoft | 2 Visual Studio, Visual Studio 2022 | 2026-02-20 | 7.1 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-47174 | 1 Microsoft | 8 365 Apps, Excel, Office and 5 more | 2026-02-20 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-55322 | 1 Microsoft | 1 Omniparser | 2026-02-20 | 7.3 High |
| Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-55238 | 1 Microsoft | 3 365, Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | ||||
| CVE-2025-55242 | 1 Microsoft | 1 Xbox Gaming Services | 2026-02-20 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53791 | 1 Microsoft | 1 Edge Chromium | 2026-02-20 | 4.7 Medium |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-55227 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2026-02-20 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-33069 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2026-02-20 | 5.1 Medium |
| Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-54917 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2026-02-20 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||