Search

Search Results (364869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8273 1 Hypr 1 Hypr Server 2026-02-19 8.8 High
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
CVE-2025-71246 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71245 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-68154 2 Microsoft, Systeminformation 2 Windows, Systeminformation 2026-02-19 8.1 High
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
CVE-2025-64520 1 Glpi-project 1 Glpi 2026-02-19 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
CVE-2025-68615 2 Debian, Net-snmp 2 Debian Linux, Net-snmp 2026-02-19 9.8 Critical
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVE-2025-61879 1 Infoblox 1 Nios 2026-02-19 7.7 High
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
CVE-2025-61880 1 Infoblox 1 Nios 2026-02-19 8.8 High
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
CVE-2025-68952 2 Eigent, Eigent-ai 2 Eigent, Eigent 2026-02-19 9.8 Critical
Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click). This issue has been patched in version 0.0.61.
CVE-2026-2744 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-70560 1 Jwohlwend 1 Boltz 2026-02-19 8.4 High
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.
CVE-2025-68432 2 Zed, Zed-industries 2 Zed, Zed 2026-02-19 7.8 High
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious LSP configuration can contain arbitrary shell commands that run on the host system with the privileges of the user running the IDE. This can be triggered when a user opens project file for which there is an LSP entry. A concerted effort by an attacker to seed a project settings file (`./zed/settings.json`) with malicious language server configurations could result in arbitrary code execution with the user's privileges if the user opens the project in Zed without reviewing the contents. Version 0.218.2-pre fixes the issue by implementing worktree trust mechanism. As a workaround, users should carefully review the contents of project settings files (`./zed/settings.json`) before opening new projects in Zed.
CVE-2025-68433 2 Zed, Zed-industries 2 Zed, Zed 2026-02-19 7.8 High
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious MCP configuration can contain arbitrary shell commands that run on the host system with the privileges of the user running the IDE. This can be triggered automatically without any user interaction besides opening the project in the IDE. Version 0.218.2-pre fixes the issue by implementing worktree trust mechanism. As a workaround, users should carefully review the contents of project settings files (`./zed/settings.json`) before opening new projects in Zed.
CVE-2025-36194 1 Ibm 1 Powervm Hypervisor 2026-02-19 2.8 Low
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.
CVE-2025-36238 1 Ibm 1 Powervm Hypervisor 2026-02-19 6 Medium
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.
CVE-2025-36436 1 Ibm 1 Cloud Pak For Business Automation 2026-02-19 6.4 Medium
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007  is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2021-22175 1 Gitlab 1 Gitlab 2026-02-19 6.8 Medium
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled
CVE-2025-45769 1 Google 1 Firebase Php-jwt 2026-02-18 6.5 Medium
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVE-2025-13821 1 Mattermost 2 Mattermost, Mattermost Server 2026-02-18 5.7 Medium
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: MMSA-2025-00560
CVE-2022-50796 1 Sound4 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more 2026-02-18 9.8 Critical
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.