Search

Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68458 2 Webpack, Webpack.js 2 Webpack, Webpack 2026-02-13 3.7 Low
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris enforcement relies on a raw string prefix check (e.g., uri.startsWith(allowed)), a URL that looks allow-listed can pass validation while the actual network request is sent to a different authority/host after URL parsing. This is a policy/allow-list bypass that enables build-time SSRF behavior (outbound requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion (the fetched response is treated as module source and bundled). This issue has been patched in version 5.104.1.
CVE-2025-49742 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.8 High
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
CVE-2025-49741 1 Microsoft 1 Edge Chromium 2026-02-13 7.4 High
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49740 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 8.8 High
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-47999 1 Microsoft 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more 2026-02-13 6.8 Medium
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-49732 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.8 High
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49730 1 Microsoft 27 Windows, Windows 10, Windows 10 1507 and 24 more 2026-02-13 7.8 High
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVE-2025-49725 1 Microsoft 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more 2026-02-13 7.8 High
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49724 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-02-13 8.8 High
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVE-2025-49722 1 Microsoft 27 Windows, Windows 10, Windows 10 1507 and 24 more 2026-02-13 5.7 Medium
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
CVE-2025-49718 1 Microsoft 3 Sql Server, Sql Server 2019, Sql Server 2022 2026-02-13 7.5 High
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
CVE-2025-49705 1 Microsoft 13 365 Apps, Office, Office 2016 and 10 more 2026-02-13 7.8 High
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-49704 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-02-13 8.8 High
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49701 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-02-13 8.8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49698 1 Microsoft 10 365 Apps, Office, Office 2019 and 7 more 2026-02-13 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49693 1 Microsoft 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more 2026-02-13 7.8 High
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-49684 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2026-02-13 5.5 Medium
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-49683 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.8 High
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
CVE-2025-49681 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-13 6.5 Medium
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49680 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 7.3 High
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.