Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53760 | 1 Microsoft | 4 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 1 more | 2026-02-13 | 7.1 High |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-53730 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2026-02-13 | 7.8 High |
| Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53727 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2026-02-13 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-49751 | 1 Microsoft | 25 Hyper-v, Server, Windows and 22 more | 2026-02-13 | 6.8 Medium |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2025-51958 | 1 Aelsantex | 1 Runcommand | 2026-02-13 | 9.8 Critical |
| aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. | ||||
| CVE-2024-41355 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.5 Medium |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | ||||
| CVE-2023-4451 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2026-02-13 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | ||||
| CVE-2023-0676 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | ||||
| CVE-2021-35438 | 1 Phpipam | 1 Phpipam | 2026-02-13 | 6.1 Medium |
| phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | ||||
| CVE-2018-15899 | 1 1234n | 1 Minicms | 2026-02-13 | N/A |
| An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. | ||||
| CVE-2017-6541 | 1 Webpagetest Project | 1 Webpagetest | 2026-02-13 | N/A |
| Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6537 | 1 Webpagetest Project | 1 Webpagetest | 2026-02-13 | N/A |
| A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2017-6478 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2026-02-13 | 6.1 Medium |
| paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). | ||||
| CVE-2017-6396 | 1 Webpagetest Project | 1 Webpagetest | 2026-02-13 | N/A |
| An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2025-64186 | 1 Evervault | 1 Evervault | 2026-02-13 | 8.7 High |
| Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline. The vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2. The identified issue has been addressed in version 1.3.2 by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check. Those who useevervault-go to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade have two possible workarounds available. Modify the application logic to fail verification if PCR8 is not explicitly present and non-empty and/or add custom pre-validation to reject documents that omit any required PCRs. | ||||
| CVE-2025-63645 | 2 Ph7builder, Ph7software | 2 Ph7 Social Dating Builder, Ph7-social-dating-cms | 2026-02-13 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware encoding. As a result, attacker-controlled content executes in the recipient's browser context when the Inbox message is viewed. | ||||
| CVE-2025-12784 | 1 Hp | 135 7kw48a, 7kw48a Firmware, 7kw49a and 132 more | 2026-02-13 | 4.9 Medium |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | ||||
| CVE-2025-12785 | 1 Hp | 137 7kw48a, 7kw48a Firmware, 7kw49a and 134 more | 2026-02-13 | 7.5 High |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | ||||