Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,352 matching · page 191/1628Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-20608(opens NVD record) | Medium | 5.5 | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. | Feb 11, 2026 |
| CVE-2026-1669(opens NVD record) | High | 7.5 | Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references. | Feb 11, 2026 |
| CVE-2026-26158(opens NVD record) | High | 7.0 | A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files. | Feb 11, 2026 |
| CVE-2026-26157(opens NVD record) | High | 7.0 | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. | Feb 11, 2026 |
| CVE-2026-25990(opens NVD record) | High | 7.5 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. | Feb 11, 2026 |
| CVE-2026-2323(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Feb 11, 2026 |
| CVE-2026-2322(opens NVD record) | Medium | 5.4 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Feb 11, 2026 |
| CVE-2026-2321(opens NVD record) | High | 8.8 | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2320(opens NVD record) | Medium | 6.5 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2319(opens NVD record) | High | 7.5 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2318(opens NVD record) | Medium | 6.5 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2317(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2316(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Feb 11, 2026 |
| CVE-2026-2315(opens NVD record) | High | 8.8 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2026-2314(opens NVD record) | High | 8.8 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2026-2313(opens NVD record) | High | 8.8 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Feb 11, 2026 |
| CVE-2025-69873(opens NVD record) | Low | 2.9 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0. | Feb 11, 2026 |
| CVE-2025-69872(opens NVD record) | Critical | 9.8 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache. | Feb 11, 2026 |
| CVE-2025-65480(opens NVD record) | High | 8.8 | An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution. | Feb 11, 2026 |
| CVE-2026-25869(opens NVD record) | High | 7.5 | MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure. | Feb 11, 2026 |
| CVE-2026-25868(opens NVD record) | Medium | 6.1 | MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response. Successful exploitation can lead to execution of arbitrary script in a victim's browser in the context of the vulnerable application. | Feb 11, 2026 |
| CVE-2026-1837(opens NVD record) | High | 7.5 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags). | Feb 11, 2026 |
| CVE-2026-25870(opens NVD record) | Medium | 5.8 | DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implementation does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits. An attacker can abuse this behavior to induce the server to issue outbound requests to arbitrary hosts, including internal network resources, potentially enabling internal network scanning and denial of service through resource exhaustion. | Feb 10, 2026 |
| CVE-2026-26007(opens NVD record) | Medium | 6.5 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5. | Feb 10, 2026 |
| CVE-2026-25506(opens NVD record) | High | 7.7 | MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18. | Feb 10, 2026 |
| CVE-2026-21347(opens NVD record) | High | 7.8 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21346(opens NVD record) | High | 7.8 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21345(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21344(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21343(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21342(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-21341(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Feb 10, 2026 |
| CVE-2026-25646(opens NVD record) | High | 8.1 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55. | Feb 10, 2026 |
| CVE-2026-23655(opens NVD record) | Medium | 6.5 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | Feb 10, 2026 |
| CVE-2026-21537(opens NVD record) | High | 8.8 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | Feb 10, 2026 |
| CVE-2026-21533(opens NVD record) | High | 7.8 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21531(opens NVD record) | Critical | 9.8 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21529(opens NVD record) | Medium | 5.7 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network. | Feb 10, 2026 |
| CVE-2026-21528(opens NVD record) | Medium | 6.5 | Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | Feb 10, 2026 |
| CVE-2026-21527(opens NVD record) | Medium | 6.5 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Feb 10, 2026 |
| CVE-2026-21525(opens NVD record) | Medium | 6.2 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | Feb 10, 2026 |
| CVE-2026-21523(opens NVD record) | High | 8.0 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21522(opens NVD record) | Medium | 6.7 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21519(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21518(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | Feb 10, 2026 |
| CVE-2026-21517(opens NVD record) | Medium | 4.7 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 |
| CVE-2026-21516(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | Feb 10, 2026 |
| CVE-2026-21514(opens NVD record) | High | 7.8 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | Feb 10, 2026 |
| CVE-2026-21513(opens NVD record) | High | 8.8 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | Feb 10, 2026 |
| CVE-2026-21512(opens NVD record) | Medium | 6.5 | Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. | Feb 10, 2026 |