Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,925
Showing 12,141 - 12,160 of 14,675 CVEs
CVE-2026-24319 MEDIUM - 5.8

In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impac...

Vendor: SAP_SE
Product: SAP Business One (B1 Client Memory Dump Files)
Published: Feb 10, 2026
Source: NVD
CVE-2026-24312 MEDIUM - 5.2

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrit...

Vendor: SAP_SE
Product: SAP Business Workflow
Published: Feb 10, 2026
Source: NVD
CVE-2026-23688 MEDIUM - 4.3

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity; confidentiality and availability are not impacted.

Vendor: SAP_SE
Product: SAP Fiori App (Manage Service Entry Sheets - Lean Services)
Published: Feb 10, 2026
Source: NVD
CVE-2026-23685 MEDIUM - 4.4

Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution...

Vendor: SAP_SE
Product: SAP NetWeaver (JMS service)
Published: Feb 10, 2026
Source: NVD
CVE-2026-23684 MEDIUM - 5.9

A race condition vulnerability exists in SAP Commerce Cloud. Because of this, when an attacker adds products to a cart, a cart entry may be created with an erroneous product value, which could then be checked out. This leads to high impact on data integrity, with no impact on data confiden...

Vendor: SAP_SE
Product: SAP Commerce Cloud
Published: Feb 10, 2026
Source: NVD
CVE-2026-23681 MEDIUM - 4.3

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequen...

Vendor: SAP_SE
Product: SAP Support Tools Plug-In
Published: Feb 10, 2026
Source: NVD
CVE-2026-0505 MEDIUM - 6.1

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availabili...

Vendor: sap
Product: document_management_system
Published: Feb 10, 2026
Source: NVD
CVE-2026-0486 MEDIUM - 5.0

In ABAP-based SAP systems, a remote-enabled function module does not perform necessary authorization checks for an authenticated user, resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted.

Vendor: sap
Product: solution_tools_plug-in
Published: Feb 10, 2026
Source: NVD
CVE-2026-0484 MEDIUM - 6.5

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confident...

Vendor: sap
Product: sap_basis
Published: Feb 10, 2026
Source: NVD
CVE-2025-15314 MEDIUM - 5.5

Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.

Vendor: Tanium
Product: end-user-cx
Published: Feb 10, 2026
Source: NVD
CVE-2025-15313 MEDIUM - 5.5

Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.

Vendor: Tanium
Product: Tanium EUSS
Published: Feb 10, 2026
Source: NVD
CVE-2025-15147 MEDIUM - 4.3

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::processing' due to missing validation on a user cont...

Vendor: wclovers
Product: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace
Published: Feb 10, 2026
Source: NVD
CVE-2026-25957 MEDIUM - 6.5

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

Vendor: cube-js
Product: cube
Published: Feb 09, 2026
Source: NVD
CVE-2026-25934 MEDIUM - 4.3

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely ...

Vendor: go-git
Product: go-git
Published: Feb 09, 2026
Source: NVD
CVE-2025-15318 MEDIUM - 5.5

Tanium addressed an arbitrary file deletion vulnerability in Endpoint Configuration Toolset Solution.

Vendor: Tanium
Product: End-User Notifications Endpoint Tools
Published: Feb 09, 2026
Source: NVD
CVE-2026-25920 MEDIUM - 5.5

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can ...

Vendor: sumatrapdfreader
Product: sumatrapdf
Published: Feb 09, 2026
Source: NVD

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify...

Vendor: RageAgainstThePixel
Product: unity-cli
Published: Feb 09, 2026
Source: NVD
CVE-2026-25889 MEDIUM - 5.4

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password (or an admin to change a...

Vendor: filebrowser
Product: filebrowser
Published: Feb 09, 2026
Source: NVD
CVE-2025-15317 MEDIUM - 6.5

Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.

Vendor: Tanium
Product: Tanium Server
Published: Feb 09, 2026
Source: NVD
CVE-2025-15316 MEDIUM - 6.7

Tanium addressed a local privilege escalation vulnerability in Tanium Server.

Vendor: Tanium
Product: Tanium Server
Published: Feb 09, 2026
Source: NVD