Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,905
Quick preset (or use dates below)
Clear Filters
Showing 12,361 - 12,380 of 14,675 CVEs
CVE-2025-15327 MEDIUM - 4.3

Tanium addressed an improper access controls vulnerability in Deploy.

Vendor: Tanium
Product: Deploy
Published: Feb 05, 2026
Source: NVD
CVE-2025-15326 MEDIUM - 4.3

Tanium addressed an improper access controls vulnerability in Patch.

Vendor: Tanium
Product: Patch
Published: Feb 05, 2026
Source: NVD
CVE-2025-15325 MEDIUM - 6.3

Tanium addressed an improper input validation vulnerability in Discover.

Vendor: Tanium
Product: Discover
Published: Feb 05, 2026
Source: NVD
CVE-2025-15324 MEDIUM - 6.6

Tanium addressed a documentation issue in Engage.

Vendor: Tanium
Product: Engage
Published: Feb 05, 2026
Source: NVD
CVE-2025-15312 MEDIUM - 6.6

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.

Vendor: Tanium
Product: Tanium Appliance
Published: Feb 05, 2026
Source: NVD
CVE-2025-68121 MEDIUM - 4.8

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned...

Vendor: Go standard library
Product: crypto/tls
Published: Feb 05, 2026
Source: NVD
CVE-2025-58190 MEDIUM - 5.3

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Vendor: golang.org/x/net
Product: golang.org/x/net/html
Published: Feb 05, 2026
Source: NVD
CVE-2025-47911 MEDIUM - 5.3

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Vendor: golang.org/x/net
Product: golang.org/x/net/html
Published: Feb 05, 2026
Source: NVD
CVE-2025-15551 MEDIUM - 5.6

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on...

Vendor: TP-Link Systems Inc., TP Link Systems Inc.
Product: Archer MR200 v5.2, Archer C20 v6, TL-WR850N v3, TL-WR845N v4
Published: Feb 05, 2026
Source: NVD

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are pa...

Vendor: rust
Product: time
Published: Feb 05, 2026
Source: GitHub
CVE-2026-25516 MEDIUM - 6.1

NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content...

Vendor: pip
Product: nicegui
Published: Feb 05, 2026
Source: GitHub
CVE-2025-70792 MEDIUM - 6.1

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's br...

Vendor: composer
Product: microweber/microweber
Published: Feb 05, 2026
Source: NVD
CVE-2025-70791 MEDIUM - 6.1

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim&#...

Vendor: composer
Product: microweber/microweber
Published: Feb 05, 2026
Source: NVD
CVE-2025-68643 MEDIUM - 6.1

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by ex...

Vendor: axigen
Product: axigen_mail_server
Published: Feb 05, 2026
Source: NVD
CVE-2020-37152 MEDIUM - 6.1

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting...

Vendor: PHP-Fusion
Product: PHP-Fusion
Published: Feb 05, 2026
Source: NVD
CVE-2020-37145 MEDIUM - 4.3

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accou...

Vendor: HRSALE
Product: HRSALE
Published: Feb 05, 2026
Source: NVD
CVE-2020-37144 MEDIUM - 5.3

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the...

Vendor: Exagate
Product: Sysguard 6001
Published: Feb 05, 2026
Source: NVD
CVE-2020-37140 MEDIUM - 5.5

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger a...

Vendor: FinalWire
Product: Everest
Published: Feb 05, 2026
Source: NVD
CVE-2020-37137 MEDIUM - 6.1

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST paramete...

Vendor: PHP Fusion
Product: PHP Fusion
Published: Feb 05, 2026
Source: NVD
CVE-2020-37132 MEDIUM - 6.2

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launc...

Vendor: UltraVNC Team
Product: UltraVNC Launcher
Published: Feb 05, 2026
Source: NVD