Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36425 1 Ibm 1 Db2 2026-02-18 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
CVE-2025-53000 2 Jupyter, Microsoft 2 Nbconvert, Windows 2026-02-18 7.8 High
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0.
CVE-2023-33951 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more 2026-02-18 6.7 Medium
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
CVE-2022-31342 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 6.5 Medium
Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.
CVE-2022-31343 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.
CVE-2022-31344 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.
CVE-2022-31345 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.
CVE-2022-31346 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
CVE-2022-31347 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
CVE-2022-31348 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
CVE-2022-31350 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
CVE-2022-31351 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.
CVE-2022-31352 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.
CVE-2022-31353 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.
CVE-2022-31354 1 Oretnom23 1 Online Car Wash Booking System 2026-02-18 9.8 Critical
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.
CVE-2023-1041 1 Oretnom23 1 Simple Responsive Tourism Website 2026-02-18 3.5 Low
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799.
CVE-2023-6546 3 Fedoraproject, Linux, Redhat 9 Fedora, Linux Kernel, Enterprise Linux and 6 more 2026-02-18 7 High
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVE-2023-29130 1 Siemens 1 Simatic Cn 4100 Firmware 2026-02-18 9.9 Critical
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.
CVE-2023-29131 1 Siemens 1 Simatic Cn 4100 Firmware 2026-02-18 7.4 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.
CVE-2025-66624 1 Bacnetstack 1 Bacnet Stack 2026-02-18 7.5 High
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable.