Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
9,687 matching · page 134/194Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-21241(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21240(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21239(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21238(opens NVD record) | High | 7.8 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21237(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21236(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21235(opens NVD record) | High | 7.3 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21234(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21232(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21231(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21229(opens NVD record) | High | 8.0 | Improper input validation in Power BI allows an authorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21228(opens NVD record) | High | 8.1 | Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21222(opens NVD record) | Medium | 5.5 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | Feb 10, 2026 |
| CVE-2026-21218(opens NVD record) | High | 7.5 | Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | Feb 10, 2026 |
| CVE-2026-20846(opens NVD record) | High | 7.5 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | Feb 10, 2026 |
| CVE-2026-20841(opens NVD record) | High | 7.8 | Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. | Feb 10, 2026 |
| CVE-2026-1997(opens NVD record) | Medium | 5.3 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device. | Feb 10, 2026 |
| CVE-2026-1996(opens NVD record) | Medium | 5.3 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | Feb 10, 2026 |
| CVE-2026-22153(opens NVD record) | High | 8.1 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. | Feb 10, 2026 |
| CVE-2026-21743(opens NVD record) | High | 7.2 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint. | Feb 10, 2026 |
| CVE-2026-1603(opens NVD record) | High | 8.6 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | Feb 10, 2026 |
| CVE-2026-1602(opens NVD record) | Medium | 6.5 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | Feb 10, 2026 |
| CVE-2025-68686(opens NVD record) | Medium | 5.9 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level. | Feb 10, 2026 |
| CVE-2025-64157(opens NVD record) | Medium | 6.7 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. | Feb 10, 2026 |
| CVE-2025-62676(opens NVD record) | High | 7.1 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. | Feb 10, 2026 |
| CVE-2025-55018(opens NVD record) | Medium | 5.8 | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header | Feb 10, 2026 |
| CVE-2025-52436(opens NVD record) | High | 8.8 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. | Feb 10, 2026 |
| CVE-2026-25639(opens NVD record) | High | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5. | Feb 9, 2026 |
| CVE-2026-1731(opens NVD record) | Critical | 9.8 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | Feb 6, 2026 |
| CVE-2026-1709(opens NVD record) | Critical | 9.4 | A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate. | Feb 6, 2026 |
| CVE-2026-1769(opens NVD record) | Medium | 5.3 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com | Feb 6, 2026 |
| CVE-2026-24928(opens NVD record) | Medium | 5.8 | Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24927(opens NVD record) | Medium | 5.5 | Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24924(opens NVD record) | Medium | 6.1 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24920(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24931(opens NVD record) | Medium | 5.9 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24930(opens NVD record) | High | 8.4 | UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24929(opens NVD record) | Medium | 5.9 | Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24926(opens NVD record) | High | 8.4 | Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24925(opens NVD record) | High | 7.3 | Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24923(opens NVD record) | Medium | 6.3 | Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24922(opens NVD record) | Medium | 6.9 | Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24921(opens NVD record) | Medium | 4.8 | Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Feb 6, 2026 |
| CVE-2026-24919(opens NVD record) | Medium | 6.0 | Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24918(opens NVD record) | Medium | 6.8 | Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24917(opens NVD record) | Medium | 6.5 | UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24916(opens NVD record) | Medium | 5.9 | Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24915(opens NVD record) | Medium | 6.2 | Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Feb 6, 2026 |
| CVE-2026-24914(opens NVD record) | Medium | 4.0 | Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-21643(opens NVD record) | Critical | 9.8 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | Feb 6, 2026 |