Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-2391 1 Mongodb 1 Js-bson 2026-02-23 4.2 Medium
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.
CVE-2019-2390 2 Microsoft, Mongodb 2 Windows, Mongodb 2026-02-23 8.2 High
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22.
CVE-2019-2388 1 Mongodb 1 Ops Manager 2026-02-23 5.8 Medium
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
CVE-2019-2386 1 Mongodb 1 Mongodb 2026-02-23 7.1 High
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts.
CVE-2025-15350 1 Anritsu 1 Vectorstar 2026-02-23 N/A
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27039.
CVE-2025-15351 1 Anritsu 1 Vectorstar 2026-02-23 N/A
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27040.
CVE-2025-70149 1 Codeastro 1 Membership Management System 2026-02-23 9.8 Critical
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
CVE-2025-70150 1 Codeastro 1 Membership Management System 2026-02-23 9.8 Critical
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
CVE-2024-55271 1 Phpgurukul 1 Gym Management System 2026-02-23 3.5 Low
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.
CVE-2025-70141 2 Oretnom23, Sourcecodester 2 Customer Support System, Customer Support System 2026-02-23 9.4 Critical
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification.
CVE-2025-41738 1 Codesys 22 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Empc-a\/imx6 Sl and 19 more 2026-02-23 7.5 High
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
CVE-2025-41700 1 Codesys 2 Codesys, Development System 2026-02-23 7.8 High
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
CVE-2025-70296 2 Mealie, Mealie-recipes 2 Mealie, Mealie 2026-02-23 5.4 Medium
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.
CVE-2025-70297 2 Mealie, Mealie-recipes 2 Mealie, Mealie 2026-02-23 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser.
CVE-2025-69210 1 Facturascripts 1 Facturascripts 2026-02-23 5.4 Medium
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowing arbitrary JavaScript execution when the file is accessed. Because product files uploaded by regular users are visible to administrative users, this vulnerability can be leveraged to execute malicious JavaScript in an administrator’s browser session. Version 2025.7 fixes the issue.
CVE-2024-5462 1 Broadcom 1 Fabric Operating System 2026-02-23 7.5 High
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
CVE-2024-5461 1 Broadcom 2 Brocade 6547, Fabric Operating System 2026-02-23 8.0 High
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.
CVE-2025-52603 1 Hcltech 1 Connections 2026-02-23 3.5 Low
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
CVE-2025-15577 1 Valmet 2 Dna, Valmet Dna Web Tools 2026-02-23 7.5 High
An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.
CVE-2013-6662 1 Google 1 Chrome 2026-02-23 6.5 Medium
Google Chrome caches TLS sessions before certificate validation occurs.