Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67683 1 Opensolution 1 Quick.cart 2026-02-19 6.1 Medium
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVE-2025-67684 1 Opensolution 1 Quick.cart 2026-02-19 7.2 High
Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code, resulting in Remote Code Execution on the server. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVE-2025-70397 1 Jizhicms 1 Jizhicms 2026-02-19 7.2 High
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVE-2020-37165 2 Celestial Software, Celestialsoftware 2 Absolutetelnet, Absolutetelnet 2026-02-19 6.2 Medium
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
CVE-2023-24769 1 Webtechnologies 1 Changedetection 2026-02-19 5.4 Medium
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.
CVE-2024-23329 1 Webtechnologies 1 Changedetection 2026-02-19 3.7 Low
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-59029 1 Powerdns 1 Recursor 2026-02-19 5.3 Medium
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.
CVE-2025-59030 1 Powerdns 1 Recursor 2026-02-19 7.5 High
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
CVE-2025-5471 2 Apple, Yandex 2 Macos, Yandex Telemost 2026-02-19 7.8 High
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1.
CVE-2024-8273 1 Hypr 1 Hypr Server 2026-02-19 8.8 High
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
CVE-2025-71246 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-71245 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-68154 2 Microsoft, Systeminformation 2 Windows, Systeminformation 2026-02-19 8.1 High
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
CVE-2025-64520 1 Glpi-project 1 Glpi 2026-02-19 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
CVE-2025-68615 2 Debian, Net-snmp 2 Debian Linux, Net-snmp 2026-02-19 9.8 Critical
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVE-2025-61879 1 Infoblox 1 Nios 2026-02-19 7.7 High
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
CVE-2025-61880 1 Infoblox 1 Nios 2026-02-19 8.8 High
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
CVE-2025-68952 2 Eigent, Eigent-ai 2 Eigent, Eigent 2026-02-19 9.8 Critical
Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction (1-click). This issue has been patched in version 0.0.61.
CVE-2026-2744 2026-02-19 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-70560 1 Jwohlwend 1 Boltz 2026-02-19 8.4 High
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.