Export limit exceeded: 365200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365200 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31726 | 1 Alistgo | 1 Alist | 2026-02-13 | 7.5 High |
| AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2025-68128 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-68127 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-68126 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-68125 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-68124 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-58184 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-58182 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2025-47915 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2024-34157 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2024-34154 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2023-45291 | 2026-02-13 | N/A | ||
| reserved but not needed | ||||
| CVE-2023-27533 | 5 Fedoraproject, Haxx, Netapp and 2 more | 15 Fedora, Curl, Active Iq Unified Manager and 12 more | 2026-02-13 | 9.8 Critical |
| A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | ||||
| CVE-2023-23915 | 4 Haxx, Netapp, Redhat and 1 more | 13 Curl, Active Iq Unified Manager, Clustered Data Ontap and 10 more | 2026-02-13 | 6.5 Medium |
| A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | ||||
| CVE-2021-35942 | 4 Debian, Gnu, Netapp and 1 more | 8 Debian Linux, Glibc, Active Iq Unified Manager and 5 more | 2026-02-13 | 9.1 Critical |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | ||||
| CVE-2025-63648 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. | ||||
| CVE-2025-57156 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). | ||||
| CVE-2025-57155 | 1 Owntone | 2 Owntone-server, Owntone Server | 2026-02-13 | 7.5 High |
| NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. | ||||
| CVE-2021-38383 | 1 Owntone | 1 Owntone Server | 2026-02-13 | 9.8 Critical |
| OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | ||||
| CVE-2025-25652 | 1 Eptura | 1 Archibus | 2026-02-13 | 7.5 High |
| In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. | ||||