Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
78,346 matching · page 142/1567Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-64157(opens NVD record) | Medium | 6.7 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. | Feb 10, 2026 |
| CVE-2025-62676(opens NVD record) | High | 7.1 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. | Feb 10, 2026 |
| CVE-2025-55018(opens NVD record) | Medium | 5.8 | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header | Feb 10, 2026 |
| CVE-2025-52436(opens NVD record) | High | 8.8 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. | Feb 10, 2026 |
| CVE-2026-25639(opens NVD record) | High | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5. | Feb 9, 2026 |
| CVE-2026-1731(opens NVD record) | Critical | 9.8 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | Feb 6, 2026 |
| CVE-2026-1709(opens NVD record) | Critical | 9.4 | A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate. | Feb 6, 2026 |
| CVE-2026-1769(opens NVD record) | Medium | 5.3 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com | Feb 6, 2026 |
| CVE-2026-24928(opens NVD record) | Medium | 5.8 | Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24927(opens NVD record) | Medium | 5.5 | Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24924(opens NVD record) | Medium | 6.1 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24920(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24931(opens NVD record) | Medium | 5.9 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24930(opens NVD record) | High | 8.4 | UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24929(opens NVD record) | Medium | 5.9 | Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24926(opens NVD record) | High | 8.4 | Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24925(opens NVD record) | High | 7.3 | Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24923(opens NVD record) | Medium | 6.3 | Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24922(opens NVD record) | Medium | 6.9 | Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24921(opens NVD record) | Medium | 4.8 | Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Feb 6, 2026 |
| CVE-2026-24919(opens NVD record) | Medium | 6.0 | Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24918(opens NVD record) | Medium | 6.8 | Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24917(opens NVD record) | Medium | 6.5 | UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-24916(opens NVD record) | Medium | 5.9 | Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2026 |
| CVE-2026-24915(opens NVD record) | Medium | 6.2 | Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Feb 6, 2026 |
| CVE-2026-24914(opens NVD record) | Medium | 4.0 | Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2026 |
| CVE-2026-21643(opens NVD record) | Critical | 9.8 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | Feb 6, 2026 |
| CVE-2026-24302(opens NVD record) | High | 8.6 | Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | Feb 5, 2026 |
| CVE-2026-24300(opens NVD record) | Critical | 9.8 | Azure Front Door Elevation of Privilege Vulnerability | Feb 5, 2026 |
| CVE-2026-21532(opens NVD record) | High | 8.2 | Azure Function Information Disclosure Vulnerability | Feb 5, 2026 |
| CVE-2026-0391(opens NVD record) | Medium | 6.5 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | Feb 5, 2026 |
| CVE-2025-69619(opens NVD record) | Medium | 5.5 | A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. | Feb 5, 2026 |
| CVE-2025-13379(opens NVD record) | High | 8.6 | IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | Feb 5, 2026 |
| CVE-2025-10258(opens NVD record) | Medium | 6.3 | Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information. | Feb 5, 2026 |
| CVE-2025-61732(opens NVD record) | High | 8.6 | A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. | Feb 5, 2026 |
| CVE-2024-51451(opens NVD record) | Medium | 6.5 | IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | Feb 4, 2026 |
| CVE-2024-43181(opens NVD record) | Medium | 6.3 | IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | Feb 4, 2026 |
| CVE-2025-2134(opens NVD record) | Low | 3.5 | IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling. | Feb 4, 2026 |
| CVE-2025-27550(opens NVD record) | Low | 3.5 | IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. | Feb 4, 2026 |
| CVE-2025-1823(opens NVD record) | Low | 3.5 | IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources. | Feb 4, 2026 |
| CVE-2023-38281(opens NVD record) | Medium | 5.3 | IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | Feb 4, 2026 |
| CVE-2023-38017(opens NVD record) | Medium | 5.3 | IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 4, 2026 |
| CVE-2023-38010(opens NVD record) | Medium | 5.3 | IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system. | Feb 4, 2026 |
| CVE-2026-23052(opens NVD record) | Medium | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pg_remaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger. Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0 A similar problem in ftrace_allocate_records() can result in allocating too many pages. This can trigger the second warning in ftrace_process_locs(). Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580 Use the actual capacity of a page group to determine the number of pages to allocate. Have ftrace_allocate_pages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIES_PER_PAGE since it is no longer used. | Feb 4, 2026 |
| CVE-2026-20123(opens NVD record) | Medium | 4.3 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. | Feb 4, 2026 |
| CVE-2026-20111(opens NVD record) | Medium | 4.8 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. | Feb 4, 2026 |
| CVE-2026-20098(opens NVD record) | High | 8.8 | A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of video operator. | Feb 4, 2026 |
| CVE-2026-22549(opens NVD record) | Medium | 4.9 | A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Feb 4, 2026 |
| CVE-2025-70545(opens NVD record) | Medium | 6.1 | A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed. | Feb 4, 2026 |
| CVE-2026-22548(opens NVD record) | Medium | 5.9 | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Feb 4, 2026 |