Export limit exceeded: 364926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68723 | 1 Axigen | 2 Axigen Mail Server, Mail Server | 2026-02-13 | 9 Critical |
| Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions. | ||||
| CVE-2025-68721 | 1 Axigen | 2 Axigen Mail Server, Mail Server | 2026-02-13 | 8.1 High |
| Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section. | ||||
| CVE-2025-12073 | 1 Gitlab | 1 Gitlab | 2026-02-13 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. | ||||
| CVE-2025-70368 | 1 Worklenz | 1 Worklenz | 2026-02-13 | 5.4 Medium |
| Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-59471 | 1 Vercel | 1 Next.js | 2026-02-13 | 5.9 Medium |
| A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain. Strongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications. | ||||
| CVE-2025-59473 | 1 Expressionengine | 1 Expressionengine | 2026-02-13 | 7.2 High |
| SQL Injection vulnerability in the Structure for Admin authenticated user | ||||
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2026-26257 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26256 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26255 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26254 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26253 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26252 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26251 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26250 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2026-26249 | 2026-02-13 | N/A | ||
| Not used | ||||
| CVE-2020-0919 | 1 Microsoft | 1 Windows App | 2026-02-12 | 7.8 High |
| An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'. | ||||
| CVE-2025-54373 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-02-12 | 6.5 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has Sensitivity=high, can be viewed and changed by users who do not have Sensitivities=high privilege. Version 7.0.4 fixes the issue. | ||||
| CVE-2025-67645 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-02-12 | 8.8 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue. | ||||
| CVE-2025-54155 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-02-12 | 4.9 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later | ||||