Export limit exceeded: 364837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55325 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-22 | 5.5 Medium |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55320 | 1 Microsoft | 5 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 2 more | 2026-02-22 | 6.8 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-55315 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio, Visual Studio 2022 and 1 more | 2026-02-22 | 9.9 Critical |
| Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-55247 | 3 Linux, Microsoft, Redhat | 3 Linux Kernel, .net, Enterprise Linux | 2026-02-22 | 7.3 High |
| Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27534 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27533 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27532 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27531 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27530 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27529 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27528 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2026-27527 | 2026-02-21 | N/A | ||
| Not used | ||||
| CVE-2023-28798 | 1 Zscaler | 1 Client Connector | 2026-02-20 | 6.5 Medium |
| An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. | ||||
| CVE-2023-4162 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | 4.4 Medium |
| A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. | ||||
| CVE-2025-4663 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | 4.9 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2 | ||||
| CVE-2024-7517 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2026-02-20 | 7.8 High |
| A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | ||||
| CVE-2025-66405 | 2 Portkey, Portkey-ai | 2 Gateway, Gateway | 2026-02-20 | 9.8 Critical |
| Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0. | ||||
| CVE-2025-7808 | 2 Fahadmahmood, Wordpress | 2 External Store For Shopify, Wordpress | 2026-02-20 | 6.1 Medium |
| The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-68699 | 1 Emqx | 1 Nanomq | 2026-02-20 | 6.5 Medium |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly validated during the subscription stage, so the invalid Topic Filter is stored into the subscription table. Later, when any PUBLISH matches this subscription, the broker send path (nmq_pipe_send_start_v4/v5) performs a second $share/ parsing using strchr() and increments the returned pointer without NULL checks. If the second strchr() returns NULL, sub_topic++ turns the pointer into an invalid address (e.g. 0x1). This invalid pointer is then passed into topic_filtern(), which triggers strlen() and crashes with SIGSEGV. The crash is stable and remotely triggerable. This issue has been patched in version 0.24.7. | ||||
| CVE-2024-0407 | 1 Hp | 428 17f27aw, 19gsaw, 1ps54a and 425 more | 2026-02-20 | 6.5 Medium |
| Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. | ||||