Search

Search Results (364863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27323 2026-02-20 N/A
Not used
CVE-2026-27322 2026-02-20 N/A
Not used
CVE-2026-27321 2026-02-20 N/A
Not used
CVE-2026-27320 2026-02-20 N/A
Not used
CVE-2026-27319 2026-02-20 N/A
Not used
CVE-2026-27318 2026-02-20 N/A
Not used
CVE-2026-27317 2026-02-20 N/A
Not used
CVE-2026-26995 2026-02-20 N/A
Further research determined the issue is an external dependency vulnerability.
CVE-2025-67706 3 Esri, Linux, Microsoft 4 Arcgis Server, Linux, Linux Kernel and 1 more 2026-02-19 5.6 Medium
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation.
CVE-2025-64724 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 7.3 High
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release.
CVE-2025-64723 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 4.4 Medium
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.
CVE-2025-13981 2 Artificial Intelligence Project, Drupal 2 Artificial Intelligence, Ai 2026-02-19 4.4 Medium
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
CVE-2025-13982 2 Drupal, Innoraft 2 Login Time Restriction, Login Time Restriction 2026-02-19 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.
CVE-2025-69749 2 Otale, Tale Project 2 Tale Blog, Tale 2026-02-19 6.1 Medium
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-63649 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
CVE-2025-63650 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63651 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-70866 1 Lavalite 2 Cms, Lavalite 2026-02-19 8.8 High
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.
CVE-2023-41970 1 Zscaler 1 Client Connector 2026-02-19 6 Medium
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.
CVE-2020-37170 1 Raimersoft 1 Tapinradio 2026-02-19 6.2 Medium
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.