Export limit exceeded: 363321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363321 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-53662 1 Linux 1 Linux Kernel 2026-02-06 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} If the filename casefolding fails, we'll be leaking memory from the fscrypt_name struct, namely from the 'crypto_buf.name' member. Make sure we free it in the error path on both ext4_fname_setup_filename() and ext4_fname_prepare_lookup() functions.
CVE-2022-44151 1 Sanitization Management System Project 1 Sanitization Management System 2026-02-06 9.8 Critical
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVE-2025-4614 2 Palo Alto Networks, Paloaltonetworks 2 Pan-os, Pan-os 2026-02-06 2.7 Low
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.   The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
CVE-2025-66415 1 Fastify 1 Reply-from 2026-02-06 5.4 Medium
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
CVE-2025-66410 2 Flipped-aurora, Gin-vue-admin Project 2 Gin-vue-admin, Gin-vue-admin 2026-02-06 9.1 Critical
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
CVE-2025-66400 2 Syntax-tree, Unifiedjs 2 Mdast-util-to-hast, Mdast-util-to-hast 2026-02-06 5.3 Medium
mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.
CVE-2025-66401 2 Kapilduraphe, Mcp-watch Project 2 Mcp Watch, Mcp-watch 2026-02-06 9.8 Critical
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.
CVE-2025-49643 1 Zabbix 2 Frontend, Zabbix 2026-02-06 6.5 Medium
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
CVE-2025-27232 1 Zabbix 2 Frontend, Zabbix 2026-02-06 4.9 Medium
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
CVE-2024-36599 1 Aegon 1 Life Insurance Management System 2026-02-06 6.1 Medium
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVE-2024-36597 1 Projectworlds 1 Life Insurance Management System 2026-02-06 8.8 High
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVE-2024-32256 1 Phpgurukul 1 Tourism Management System 2026-02-06 8.1 High
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
CVE-2023-51951 1 Stock Management System Project 1 Stock Management System 2026-02-06 9.8 Critical
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.
CVE-2025-4661 2 Broadcom, Brocade 2 Fabric Operating System, Fabric Os 2026-02-06 2.3 Low
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit
CVE-2025-27461 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 7.6 High
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
CVE-2025-27460 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 7.6 High
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
CVE-2025-27458 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 6.5 Medium
The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information.
CVE-2025-27457 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 6.5 Medium
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
CVE-2025-27456 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 7.5 High
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-27455 1 Endress 2 Meac300-fnade4, Meac300-fnade4 Firmware 2026-02-06 4.3 Medium
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.