Search

Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27318 2026-02-20 N/A
Not used
CVE-2026-27317 2026-02-20 N/A
Not used
CVE-2026-26995 2026-02-20 N/A
Further research determined the issue is an external dependency vulnerability.
CVE-2025-67706 3 Esri, Linux, Microsoft 4 Arcgis Server, Linux, Linux Kernel and 1 more 2026-02-19 5.6 Medium
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation.
CVE-2025-64724 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 7.3 High
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release.
CVE-2025-64723 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 4.4 Medium
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.
CVE-2025-13981 2 Artificial Intelligence Project, Drupal 2 Artificial Intelligence, Ai 2026-02-19 4.4 Medium
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
CVE-2025-13982 2 Drupal, Innoraft 2 Login Time Restriction, Login Time Restriction 2026-02-19 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.
CVE-2025-69749 2 Otale, Tale Project 2 Tale Blog, Tale 2026-02-19 6.1 Medium
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-63649 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
CVE-2025-63650 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63651 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-70866 1 Lavalite 2 Cms, Lavalite 2026-02-19 8.8 High
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.
CVE-2023-41970 1 Zscaler 1 Client Connector 2026-02-19 6 Medium
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.
CVE-2020-37170 1 Raimersoft 1 Tapinradio 2026-02-19 6.2 Medium
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
CVE-2020-37171 1 Raimersoft 1 Tapinradio 2026-02-19 6.2 Medium
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
CVE-2020-37164 2 Celestial Software, Celestialsoftware 2 Absolutetelnet, Absolutetelnet 2026-02-19 6.2 Medium
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
CVE-2020-37166 2 Celestial Software, Celestialsoftware 2 Absolutetelnet, Absolutetelnet 2026-02-19 6.2 Medium
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
CVE-2025-70998 1 Utt 3 810, 810 Firmware, Hiper 810 2026-02-19 9.8 Critical
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
CVE-2018-17366 1 Mingsoft 1 Mcms 2026-02-19 N/A
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.