Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,693
Quick preset (or use dates below)
Clear Filters
Showing 11,861 - 11,880 of 14,604 CVEs
CVE-2025-46305 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-46304 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-46303 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-46302 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-46301 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-46300 MEDIUM - 5.5

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Vendor: Apple
Product: macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-43537 MEDIUM - 5.5

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Vendor: Apple
Product: iOS and iPadOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-43417 MEDIUM - 5.5

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.

Vendor: Apple
Product: macOS
Published: Feb 11, 2026
Source: NVD
CVE-2025-43403 MEDIUM - 5.5

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

Vendor: Apple
Product: macOS
Published: Feb 11, 2026
Source: NVD
CVE-2026-26031 MEDIUM - 5.3

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed...

Vendor: frappe
Product: lms
Published: Feb 11, 2026
Source: NVD
CVE-2026-26023 MEDIUM - 6.1

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fi...

Vendor: langgenius
Product: dify
Published: Feb 11, 2026
Source: NVD
CVE-2026-26012 MEDIUM - 6.5

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible to ...

Vendor: dani-garcia
Product: vaultwarden
Published: Feb 11, 2026
Source: NVD
CVE-2026-25062 MEDIUM - 5.5

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal ...

Vendor: outline
Product: outline
Published: Feb 11, 2026
Source: NVD
CVE-2020-37192 MEDIUM - 6.2

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive...

Vendor: Top Password Software
Product: MSN Password Recovery
Published: Feb 11, 2026
Source: NVD
CVE-2020-37172 MEDIUM - 5.3

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials w...

Vendor: AVideo
Product: AVideo Platform
Published: Feb 11, 2026
Source: NVD
CVE-2020-37158 MEDIUM - 5.3

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials w...

Vendor: AVideo
Product: AVideo Platform
Published: Feb 11, 2026
Source: NVD
CVE-2020-37156 MEDIUM - 6.5

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain un...

Vendor: diveshlunker
Product: BloodX
Published: Feb 11, 2026
Source: NVD
CVE-2019-25313 MEDIUM - 4.0

FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account w...

Vendor: Flexera Software
Product: FlexNet Publisher
Published: Feb 11, 2026
Source: NVD
CVE-2024-50618 MEDIUM - 4.3

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full authentication if the secr...

Vendor: cipplanner
Product: cipace
Published: Feb 11, 2026
Source: NVD
CVE-2024-26479 MEDIUM - 5.3

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.

Published: Feb 11, 2026
Source: NVD