Export limit exceeded: 364866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-71250 1 Spip 1 Spip 2026-02-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-27325 2026-02-20 N/A
Not used
CVE-2026-27324 2026-02-20 N/A
Not used
CVE-2026-27323 2026-02-20 N/A
Not used
CVE-2026-27322 2026-02-20 N/A
Not used
CVE-2026-27321 2026-02-20 N/A
Not used
CVE-2026-27320 2026-02-20 N/A
Not used
CVE-2026-27319 2026-02-20 N/A
Not used
CVE-2026-27318 2026-02-20 N/A
Not used
CVE-2026-27317 2026-02-20 N/A
Not used
CVE-2026-26995 2026-02-20 N/A
Further research determined the issue is an external dependency vulnerability.
CVE-2025-67706 3 Esri, Linux, Microsoft 4 Arcgis Server, Linux, Linux Kernel and 1 more 2026-02-19 5.6 Medium
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation.
CVE-2025-64724 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 7.3 High
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release.
CVE-2025-64723 2 Apple, Arduino 3 Macos, Arduino, Arduino Ide 2026-02-19 4.4 Medium
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.
CVE-2025-13981 2 Artificial Intelligence Project, Drupal 2 Artificial Intelligence, Ai 2026-02-19 4.4 Medium
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
CVE-2025-13982 2 Drupal, Innoraft 2 Login Time Restriction, Login Time Restriction 2026-02-19 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.
CVE-2025-69749 2 Otale, Tale Project 2 Tale Blog, Tale 2026-02-19 6.1 Medium
Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-63649 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
CVE-2025-63650 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63651 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-19 7.5 High
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.