Search Results (364799 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47402 1 Qualcomm 189 Ar8035, Ar8035 Firmware, Cologne and 186 more 2026-02-11 6.5 Medium
Transient DOS when processing a received frame with an excessively large authentication information element.
CVE-2025-70983 2 Bladex, Springblade Project 2 Springblade, Springblade 2026-02-11 9.9 Critical
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
CVE-2025-67264 1 Doogee 7 Note59, Note59 Firmware, Note59 Pro and 4 more 2026-02-11 7.8 High
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710
CVE-2025-61506 1 Mediacrush 1 Mediacrush 2026-02-11 9.8 Critical
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
CVE-2025-63372 2 Articentgroup, Microsoft 2 Zip Rar Extractor Tool, Windows 2026-02-11 4.3 Medium
Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
CVE-2025-63624 2 Sdkede, Shandong Kede 3 Iot Smart Water Meter, Iot Smart Water Meter Firmware, Iot Smart Water Meter Monitoring Platform 2026-02-11 9.8 Critical
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.
CVE-2025-52022 1 Aptsys 2 Gemscms Backend, Gemsloyalty 2026-02-11 5.3 Medium
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
CVE-2025-52023 1 Aptsys 2 Gemscms, Gemscms Backend 2026-02-11 5.3 Medium
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
CVE-2025-65875 2 Fpdf, Setasign 2 Fpdf, Fpdf 2026-02-11 8.8 High
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2025-52025 1 Aptsys 2 Gemscms, Gemscms Backend 2026-02-11 9.4 Critical
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.
CVE-2025-52024 1 Aptsys 2 Gemscms Backend, Pos Platform Web Services 2026-02-11 9.4 Critical
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.
CVE-2025-69906 1 Monstra 1 Monstra Cms 2026-02-11 8.8 High
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
CVE-2025-69620 2 Moo Chan Song, Ntoolslab 2 Moo Chan Song, Office Reader 2026-02-11 5 Medium
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVE-2025-67857 1 Moodle 1 Moodle 2026-02-11 4.3 Medium
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.
CVE-2025-33081 2 Ibm, Linux 2 Concert, Linux Kernel 2026-02-11 3.3 Low
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2023-23408 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Ambari Spoofing Vulnerability
CVE-2023-35393 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Hive Spoofing Vulnerability
CVE-2023-35394 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.6 Medium
Azure HDInsight Jupyter Notebook Spoofing Vulnerability
CVE-2023-36419 1 Microsoft 1 Azure Hdinsight 2026-02-11 8.8 High
Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
CVE-2023-36877 1 Microsoft 2 Azure Hdinsight, Azure Hdinsights 2026-02-11 4.5 Medium
Azure Apache Oozie Spoofing Vulnerability