Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
77,965 matching · page 132/1560Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-27904(opens NVD record) | Medium | 6.5 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Feb 17, 2026 |
| CVE-2025-27903(opens NVD record) | Medium | 5.9 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | Feb 17, 2026 |
| CVE-2025-27901(opens NVD record) | Medium | 6.5 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | Feb 17, 2026 |
| CVE-2025-27900(opens NVD record) | Medium | 6.8 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | Feb 17, 2026 |
| CVE-2025-27899(opens NVD record) | Medium | 5.3 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | Feb 17, 2026 |
| CVE-2025-27898(opens NVD record) | Medium | 6.3 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. | Feb 17, 2026 |
| CVE-2025-13108(opens NVD record) | Medium | 5.5 | IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | Feb 17, 2026 |
| CVE-2023-38265(opens NVD record) | Medium | 5.3 | IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. | Feb 17, 2026 |
| CVE-2025-36019(opens NVD record) | Medium | 6.1 | IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 17, 2026 |
| CVE-2025-36018(opens NVD record) | Medium | 6.5 | IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Feb 17, 2026 |
| CVE-2024-43178(opens NVD record) | Medium | 5.9 | IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | Feb 17, 2026 |
| CVE-2025-36425(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration. | Feb 17, 2026 |
| CVE-2025-36247(opens NVD record) | High | 7.1 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | Feb 17, 2026 |
| CVE-2025-14689(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. | Feb 17, 2026 |
| CVE-2025-13867(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic | Feb 17, 2026 |
| CVE-2025-70397(opens NVD record) | High | 7.2 | jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter. | Feb 17, 2026 |
| CVE-2025-65753(opens NVD record) | High | 7.5 | An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root. | Feb 17, 2026 |
| CVE-2026-23204(opens NVD record) | High | 7.1 | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221 | Feb 14, 2026 |
| CVE-2026-2441(opens NVD record) | High | 8.8 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Feb 13, 2026 |
| CVE-2026-2026(opens NVD record) | Medium | 6.1 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | Feb 13, 2026 |
| CVE-2026-2443(opens NVD record) | Medium | 5.3 | A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component. | Feb 13, 2026 |
| CVE-2025-69752(opens NVD record) | Medium | 4.3 | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL. | Feb 12, 2026 |
| CVE-2026-23857(opens NVD record) | High | 8.2 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Feb 12, 2026 |
| CVE-2026-2323(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Feb 11, 2026 |
| CVE-2026-2322(opens NVD record) | Medium | 5.4 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Feb 11, 2026 |
| CVE-2026-2321(opens NVD record) | High | 8.8 | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2320(opens NVD record) | Medium | 6.5 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2319(opens NVD record) | High | 7.5 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2318(opens NVD record) | Medium | 6.5 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2317(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2316(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2315(opens NVD record) | High | 8.8 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2026-2314(opens NVD record) | High | 8.8 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2026-2313(opens NVD record) | High | 8.8 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2025-69873(opens NVD record) | Low | 2.9 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0. | Feb 11, 2026 |
| CVE-2025-69872(opens NVD record) | Critical | 9.8 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache. | Feb 11, 2026 |
| CVE-2025-65480(opens NVD record) | High | 8.8 | An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution. | Feb 11, 2026 |
| CVE-2026-21347(opens NVD record) | High | 7.8 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21346(opens NVD record) | High | 7.8 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21345(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21344(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21343(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21342(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21341(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-23655(opens NVD record) | Medium | 6.5 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | Feb 10, 2026 |
| CVE-2026-21537(opens NVD record) | High | 8.8 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | Feb 10, 2026 |
| CVE-2026-21533(opens NVD record) | High | 7.8 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21531(opens NVD record) | Critical | 9.8 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21529(opens NVD record) | Medium | 5.7 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network. | Feb 10, 2026 |
| CVE-2026-21528(opens NVD record) | Medium | 6.5 | Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | Feb 10, 2026 |