Search

Search Results (363437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59888 1 Eaton 1 Ups Companion 2026-02-18 6.7 Medium
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.
CVE-2025-59886 1 Eaton 1 Xcomfort Ethernet Communication Interface 2026-02-18 8.8 High
Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.
CVE-2025-67450 1 Eaton 1 Ups Companion 2026-02-18 7.8 High
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.
CVE-2025-59887 1 Eaton 1 Ups Companion 2026-02-18 8.6 High
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.
CVE-2025-69565 2 Code-projects, Fabian 2 Mobile Shop Management System, Mobile Shop Management System 2026-02-18 9.8 Critical
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.
CVE-2025-14714 3 Apple, Libreoffice, The Document Foundation 3 Macos, Libreoffice, Libreoffice 2026-02-18 6.5 Medium
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges In fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.
CVE-2020-36645 1 Squareup 1 Squalor 2026-02-18 5.5 Medium
A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.
CVE-2025-57783 2 Hiawatha, Hiawatha-webserver 2 Web Server, Hiawatha 2026-02-18 5.3 Medium
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
CVE-2025-57784 2 Hiawatha, Hiawatha-webserver 2 Web Server, Hiawatha 2026-02-18 4 Medium
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
CVE-2020-7796 1 Synacor 1 Zimbra Collaboration Suite 2026-02-18 9.8 Critical
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2024-7694 1 Teamt5 1 Threatsonar Anti-ransomware 2026-02-18 7.2 High
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
CVE-2025-41350 2 Iest, Informatica Del Este 2 Winplus, Winplus 2026-02-18 5.4 Medium
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
CVE-2025-41349 2 Iest, Informatica Del Este 2 Winplus, Winplus 2026-02-18 5.4 Medium
Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
CVE-2025-41348 2 Iest, Informatica Del Este 2 Winplus, Winplus 2026-02-18 9.8 Critical
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.
CVE-2025-41347 2 Iest, Informatica Del Este 2 Winplus, Winplus 2026-02-18 9.8 Critical
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.
CVE-2025-41346 2 Iest, Informatica Del Este 2 Winplus, Winplus 2026-02-18 9.8 Critical
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
CVE-2026-25421 2026-02-18 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.
CVE-2026-27038 2026-02-18 N/A
Not used
CVE-2026-27037 2026-02-18 N/A
Not used
CVE-2026-27036 2026-02-18 N/A
Not used