Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 15475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54097 1 Microsoft 13 Windows, Windows Server, Windows Server 2008 and 10 more 2026-02-20 6.5 Medium
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-54096 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-20 6.5 Medium
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-54095 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-20 6.5 Medium
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53798 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-20 6.5 Medium
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53797 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-20 6.5 Medium
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-49734 1 Microsoft 23 Powershell, Windows, Windows 10 and 20 more 2026-02-20 7 High
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2020-37151 1 Ciprianmp 1 Phpmychat-plus 2026-02-20 8.2 High
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
CVE-2025-33042 1 Apache 1 Avro 2026-02-20 7.3 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
CVE-2025-67707 3 Esri, Linux, Microsoft 4 Arcgis Server, Linux, Linux Kernel and 1 more 2026-02-20 5.6 Medium
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation.
CVE-2020-36949 1 Raimersoft 1 Tapinradio 2026-02-20 7.5 High
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
CVE-2025-70148 1 Codeastro 1 Membership Management System 2026-02-20 7.5 High
Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR).
CVE-2025-71247 1 Spip 1 Spip 2026-02-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71248 1 Spip 1 Spip 2026-02-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71249 1 Spip 1 Spip 2026-02-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71250 1 Spip 1 Spip 2026-02-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-27325 2026-02-20 N/A
Not used
CVE-2026-27324 2026-02-20 N/A
Not used
CVE-2026-27323 2026-02-20 N/A
Not used
CVE-2026-27322 2026-02-20 N/A
Not used
CVE-2026-27321 2026-02-20 N/A
Not used