Export limit exceeded: 15475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9127 | 1 Purestorage | 2 Portworx, Px Enterprise | 2026-02-03 | 5.5 Medium |
| A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions. | ||||
| CVE-2025-71002 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71003 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-11235 | 2 Microsoft, Progress | 2 Windows, Moveit Transfer | 2026-02-03 | 3.7 Low |
| Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. | ||||
| CVE-2025-30160 | 1 Redlib | 1 Redlib | 2026-02-03 | 7.5 High |
| Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0. | ||||
| CVE-2025-58441 | 2 Eng, Knowage-suite | 2 Knowage, Knowage | 2026-02-03 | 6.5 Medium |
| Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37. | ||||
| CVE-2025-66560 | 1 Quarkus | 1 Quarkus | 2026-02-03 | 5.9 Medium |
| Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently blocked. Under sustained or repeated occurrences, this can exhaust the available worker threads, leading to degraded performance, or complete unavailability of the application. This issue has been patched in versions 3.31.0, 3.27.2, and 3.20.5. A workaround involves implementing a health check that monitors the status and saturation of the worker thread pool to detect abnormal thread retention early. | ||||
| CVE-2025-13983 | 2 Drupal, Factorial | 2 Tagify, Tagify | 2026-02-03 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44. | ||||
| CVE-2025-71004 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71005 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71006 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.5 Medium |
| A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71007 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71009 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. | ||||
| CVE-2025-71011 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-63205 | 1 Bridgetech | 11 Nomad, Nomad Portable, Nomad Portable Firmware and 8 more | 2026-02-03 | 7.5 High |
| An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed. | ||||
| CVE-2025-63443 | 2 School Management System Php Project, School Management System Project | 2 School Management System Php, School Management System | 2026-02-03 | 5.4 Medium |
| School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. | ||||
| CVE-2025-60503 | 1 Ultimatefosters | 1 Ultimatepos | 2026-02-03 | 8.7 High |
| A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions. | ||||
| CVE-2025-69559 | 2 Carmelo, Code-projects | 2 Computer Book Store, Computer Book Store | 2026-02-03 | 9.8 Critical |
| code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | ||||
| CVE-2025-49186 | 2 Avaya, Sick | 6 Media Server, Baggage Analytics, Field Analytics and 3 more | 2026-02-03 | 5.3 Medium |
| The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. | ||||
| CVE-2025-64523 | 1 Filebrowser | 1 Filebrowser | 2026-02-03 | 8.8 High |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is significant as malicious actors can disrupt business operations by systematically removing shared files and links. This leads to denial of service for legitimate users, potential data loss in collaborative environments, and breach of data confidentiality agreements. In organizational settings, this could affect critical file sharing for projects, presentations, or document collaboration. Version 2.45.1 contains a fix for the issue. | ||||