Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-16220 1 Philips 2 Patient Information Center Ix, Performancebridge Focal Point 2026-02-23 4.3 Medium
In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.
CVE-2020-16218 1 Philips 1 Patient Information Center Ix 2026-02-23 3.5 Low
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
CVE-2020-16216 1 Philips 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more 2026-02-23 6.5 Medium
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
CVE-2020-16214 1 Philips 1 Patient Information Center Ix 2026-02-23 5.0 Medium
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
CVE-2020-14498 1 Hms-networks 1 Ecatcher 2026-02-23 9.6 Critical
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-36343 1 Dell 822 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 819 more 2026-02-23 7.5 High
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2021-36342 1 Dell 822 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 819 more 2026-02-23 7.5 High
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2022-2290 1 Triliumnotes 1 Trilium 2026-02-23 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
CVE-2025-70152 2 Code-projects, Fabian 2 Scholars Tracking System, Scholars Tracking System 2026-02-23 9.8 Critical
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.
CVE-2025-13455 1 Lenovo 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more 2026-02-23 7.8 High
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
CVE-2025-70151 2 Code-projects, Fabian 2 Scholars Tracking System, Scholars Tracking System 2026-02-23 8.8 High
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.
CVE-2025-65017 1 Decidim 1 Decidim 2026-02-23 6.5 Medium
Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 and 0.31.0.
CVE-2023-51763 1 Activeadmin 1 Active Admin 2026-02-23 9.8 Critical
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
CVE-2025-69806 1 P2r3 1 Bareiron 2026-02-23 7.5 High
p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server
CVE-2025-69807 1 P2r3 1 Bareiron 2026-02-23 7.5 High
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
CVE-2020-0998 1 Microsoft 14 Windows 10, Windows 10 1607, Windows 10 1803 and 11 more 2026-02-23 7.8 High
<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p> <p>The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.</p>
CVE-2020-0997 1 Microsoft 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more 2026-02-23 7.8 High
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.</p>
CVE-2020-0989 1 Microsoft 9 Windows 10, Windows 10 1803, Windows 10 1809 and 6 more 2026-02-23 5.5 Medium
<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.</p> <p>The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.</p>
CVE-2020-0951 1 Microsoft 12 Powershell, Powershell Core, Windows 10 and 9 more 2026-02-23 6.7 Medium
<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p> <p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p> <p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p>
CVE-2020-0941 1 Microsoft 15 Windows 10, Windows 10 1507, Windows 10 1607 and 12 more 2026-02-23 5.5 Medium
<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p>