Export limit exceeded: 364866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-71250 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-27325 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27324 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27323 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27322 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27321 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27320 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27319 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27318 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27317 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-26995 | 2026-02-20 | N/A | ||
| Further research determined the issue is an external dependency vulnerability. | ||||
| CVE-2025-67706 | 3 Esri, Linux, Microsoft | 4 Arcgis Server, Linux, Linux Kernel and 1 more | 2026-02-19 | 5.6 Medium |
| ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded files to non‑executable storage locations and prevent modification or replacement of existing application components or system configurations. Uploaded files cannot be executed, leveraged to escalate privileges, or used to access sensitive data. Because the issue does not enable execution, service disruption, unauthorized access, or integrity compromise, its impact on confidentiality, integrity, and availability is low. Note that race conditions, secret values, or man‑in‑the‑middle conditions are required for exploitation. | ||||
| CVE-2025-64724 | 2 Apple, Arduino | 3 Macos, Arduino, Arduino Ide | 2026-02-19 | 7.3 High |
| Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release. | ||||
| CVE-2025-64723 | 2 Apple, Arduino | 3 Macos, Arduino, Arduino Ide | 2026-02-19 | 4.4 Medium |
| Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release. | ||||
| CVE-2025-13981 | 2 Artificial Intelligence Project, Drupal | 2 Artificial Intelligence, Ai | 2026-02-19 | 4.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4. | ||||
| CVE-2025-13982 | 2 Drupal, Innoraft | 2 Login Time Restriction, Login Time Restriction | 2026-02-19 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | ||||
| CVE-2025-69749 | 2 Otale, Tale Project | 2 Tale Blog, Tale | 2026-02-19 | 6.1 Medium |
| Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code. | ||||
| CVE-2025-63649 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-19 | 7.5 High |
| An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. | ||||
| CVE-2025-63650 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-19 | 7.5 High |
| An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||
| CVE-2025-63651 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-19 | 7.5 High |
| A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||