Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68723 1 Axigen 2 Axigen Mail Server, Mail Server 2026-02-13 9 Critical
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.
CVE-2025-68721 1 Axigen 2 Axigen Mail Server, Mail Server 2026-02-13 8.1 High
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.
CVE-2025-12073 1 Gitlab 1 Gitlab 2026-02-13 4.3 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.
CVE-2025-70368 1 Worklenz 1 Worklenz 2026-02-13 5.4 Medium
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
CVE-2025-59471 1 Vercel 1 Next.js 2026-02-13 5.9 Medium
A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain. Strongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications.
CVE-2025-59473 1 Expressionengine 1 Expressionengine 2026-02-13 7.2 High
SQL Injection vulnerability in the Structure for Admin authenticated user
CVE-2024-43468 1 Microsoft 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more 2026-02-13 9.8 Critical
Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2026-26257 2026-02-13 N/A
Not used
CVE-2026-26256 2026-02-13 N/A
Not used
CVE-2026-26255 2026-02-13 N/A
Not used
CVE-2026-26254 2026-02-13 N/A
Not used
CVE-2026-26253 2026-02-13 N/A
Not used
CVE-2026-26252 2026-02-13 N/A
Not used
CVE-2026-26251 2026-02-13 N/A
Not used
CVE-2026-26250 2026-02-13 N/A
Not used
CVE-2026-26249 2026-02-13 N/A
Not used
CVE-2020-0919 1 Microsoft 1 Windows App 2026-02-12 7.8 High
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
CVE-2025-54373 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-12 6.5 Medium
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue.
CVE-2025-67645 2 Open-emr, Openemr 2 Openemr, Openemr 2026-02-12 8.8 High
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.
CVE-2025-54155 2 Qnap, Qnap Systems 2 File Station, File Station 5 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later