Search

Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59471 1 Vercel 1 Next.js 2026-02-13 5.9 Medium
A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain. Strongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications.
CVE-2025-59473 1 Expressionengine 1 Expressionengine 2026-02-13 7.2 High
SQL Injection vulnerability in the Structure for Admin authenticated user
CVE-2024-43468 1 Microsoft 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more 2026-02-13 9.8 Critical
Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2026-26257 2026-02-13 N/A
Not used
CVE-2026-26256 2026-02-13 N/A
Not used
CVE-2026-26255 2026-02-13 N/A
Not used
CVE-2026-26254 2026-02-13 N/A
Not used
CVE-2026-26253 2026-02-13 N/A
Not used
CVE-2026-26252 2026-02-13 N/A
Not used
CVE-2026-26251 2026-02-13 N/A
Not used
CVE-2026-26250 2026-02-13 N/A
Not used
CVE-2026-26249 2026-02-13 N/A
Not used
CVE-2020-0919 1 Microsoft 1 Windows App 2026-02-12 7.8 High
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
CVE-2025-54373 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-12 6.5 Medium
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue.
CVE-2025-67645 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-12 8.8 High
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.
CVE-2025-54155 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
CVE-2025-54161 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
CVE-2025-54162 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later
CVE-2025-54163 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later
CVE-2025-54169 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 6.5 Medium
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later