Export limit exceeded: 364880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61713 | 1 Fortinet | 1 Fortipam | 2026-02-10 | 3.8 Low |
| A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands. | ||||
| CVE-2024-47569 | 1 Fortinet | 13 Fortimail, Fortimanager, Fortimanager Cloud and 10 more | 2026-02-10 | 4.2 Medium |
| A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets. | ||||
| CVE-2026-25981 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25980 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25979 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25978 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25977 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25976 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25975 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25974 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25973 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2020-37137 | 1 Php-fusion | 2 Php-fusion, Phpfusion | 2026-02-09 | 6.1 Medium |
| PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code. | ||||
| CVE-2020-37133 | 2 Ultravnc, Uvnc | 2 Ultravnc, Ultravnc | 2026-02-09 | 7.5 High |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. | ||||
| CVE-2020-37132 | 2 Ultravnc, Uvnc | 2 Ultravnc, Ultravnc | 2026-02-09 | 6.2 Medium |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality. | ||||
| CVE-2020-37130 | 2 Nsasoft, Nsauditor | 2 Nsauditor, Nsauditor | 2026-02-09 | 7.5 High |
| Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field. | ||||
| CVE-2025-69212 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. | ||||
| CVE-2025-69214 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter. | ||||
| CVE-2025-69216 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 6.5 Medium |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability exists in templates/scadenzario/init.php, where the id_anagrafica parameter is directly concatenated into an SQL query without proper sanitization. The vulnerability enables complete database read access through error-based SQL injection techniques. | ||||
| CVE-2025-2848 | 1 Synology | 2 Diskstation Manager, Mail Server | 2026-02-09 | 6.3 Medium |
| A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions. | ||||
| CVE-2024-7014 | 1 Telegram | 1 Telegram | 2026-02-09 | 8.1 High |
| EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. | ||||