Export limit exceeded: 15475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363165 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-65923 1 Frappe 1 Erpnext 2026-02-11 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affected record is viewed by a user within the ERPNext web interface. This exposure may allow an attacker to compromise user sessions or perform unauthorized actions under the context of a victim's account.
CVE-2025-69429 1 Orico 2 Cd3510, Cd3510 Firmware 2026-02-11 6.1 Medium
The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files.
CVE-2025-69430 1 Yottamaster 6 Dm2, Dm200, Dm200 Firmware and 3 more 2026-02-11 6.1 Medium
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files.
CVE-2025-69431 1 Zspace 3 Q2c, Q2c Firmware, Q2c Nas 2026-02-11 6.1 Medium
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files.
CVE-2025-69848 1 Netbox 1 Netbox 2026-02-11 5.4 Medium
NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user.
CVE-2025-69875 1 Quickheal 1 Total Security 2026-02-11 7.8 High
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.
CVE-2025-70841 2 Amcoders, Dokans 2 Dokans, Multitenancy Based Ecommerce Platform Saas 2026-02-11 10 Critical
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, enabling complete system compromise including authentication bypass via session token forgery, direct database access to all tenant data, and email infrastructure takeover. Due to the multi-tenancy architecture, this vulnerability affects all tenants in the system.
CVE-2025-61546 1 Edubusinesssolutions 1 Print Shop Pro Webdesk 2026-02-11 9.1 Critical
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.
CVE-2025-70849 1 Stefanprodan 1 Podinfo 2026-02-11 6.1 Medium
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).
CVE-2025-63386 2 Dify, Langgenius 2 Dify, Dify 2026-02-11 9.1 Critical
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains to make authenticated requests. NOTE: the Supplier disputes this because the endpoint configuration is intentional to support bootstrap.
CVE-2025-21427 1 Qualcomm 358 205 Mobile, 205 Mobile Firmware, 215 Mobile and 355 more 2026-02-11 8.2 High
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
CVE-2026-26044 2026-02-11 N/A
Not used
CVE-2026-26043 2026-02-11 N/A
Not used
CVE-2026-26042 2026-02-11 N/A
Not used
CVE-2026-26041 2026-02-11 N/A
Not used
CVE-2026-26040 2026-02-11 N/A
Not used
CVE-2026-26039 2026-02-11 N/A
Not used
CVE-2026-26038 2026-02-11 N/A
Not used
CVE-2026-26037 2026-02-11 N/A
Not used
CVE-2026-26036 2026-02-11 N/A
Not used