Export limit exceeded: 364909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63647 1 Owntone 2 Owntone-server, Owntone Server 2026-02-13 7.5 High
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
CVE-2025-24054 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2026-02-13 6.5 Medium
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2024-47067 2 Alist Project, Alistgo 2 Alist, Alist 2026-02-13 6.1 Medium
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0.
CVE-2022-26533 1 Alistgo 1 Alist 2026-02-13 6.1 Medium
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.
CVE-2022-45968 1 Alistgo 1 Alist 2026-02-13 8.8 High
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).
CVE-2022-45969 1 Alistgo 1 Alist 2026-02-13 9.8 Critical
Alist v3.4.0 is vulnerable to Directory Traversal,
CVE-2022-45970 1 Alistgo 1 Alist 2026-02-13 5.4 Medium
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
CVE-2023-31726 1 Alistgo 1 Alist 2026-02-13 7.5 High
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
CVE-2025-68128 2026-02-13 N/A
reserved but not needed
CVE-2025-68127 2026-02-13 N/A
reserved but not needed
CVE-2025-68126 2026-02-13 N/A
reserved but not needed
CVE-2025-68125 2026-02-13 N/A
reserved but not needed
CVE-2025-68124 2026-02-13 N/A
reserved but not needed
CVE-2025-58184 2026-02-13 N/A
reserved but not needed
CVE-2025-58182 2026-02-13 N/A
reserved but not needed
CVE-2025-47915 2026-02-13 N/A
reserved but not needed
CVE-2024-34157 2026-02-13 N/A
reserved but not needed
CVE-2024-34154 2026-02-13 N/A
reserved but not needed
CVE-2023-45291 2026-02-13 N/A
reserved but not needed
CVE-2023-27533 5 Fedoraproject, Haxx, Netapp and 2 more 15 Fedora, Curl, Active Iq Unified Manager and 12 more 2026-02-13 9.8 Critical
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.