Total
336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
|
|||||
| CVE-2022-0569 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
|
|||||
| CVE-2022-0565 | 1 Pimcore | 1 Pimcore | 2026-02-24 | 5.0 MEDIUM | 7.6 HIGH |
|
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
|
|||||
| CVE-2022-0536 | 1 Follow-redirects Project | 1 Follow-redirects | 2026-02-24 | 4.3 MEDIUM | 2.6 LOW |
|
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
|
|||||
| CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2026-02-24 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.
|
|||||
| CVE-2022-0355 | 1 Simple-get Project | 1 Simple-get | 2026-02-24 | 5.0 MEDIUM | 8.8 HIGH |
|
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
|
|||||
| CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2026-02-24 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.
|
|||||
| CVE-2022-0282 | 1 Microweber | 1 Microweber | 2026-02-24 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
|
|||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2026-02-24 | 5.5 MEDIUM | 6.3 MEDIUM |
|
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
|
|||||
| CVE-2022-0121 | 1 Hoppscotch | 1 Hoppscotch | 2026-02-24 | 6.0 MEDIUM | 8.0 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.
|
|||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 9.8 CRITICAL |
|
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
|
|||||
| CVE-2024-38881 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 7.5 HIGH |
|
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
|
|||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 7.5 HIGH |
|
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
|
|||||
| CVE-2026-24686 | 1 Theupdateframework | 1 Go-tuf | 2026-02-24 | N/A | 4.7 MEDIUM |
|
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (`repoName`) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application accepts a map file from an untrusted source, an attacker can supply a `repoName` containing traversal (e.g., `../escaped-repo`) and cause go-tuf to create directories and write the root metadata file ...
Show More |
|||||
| CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | N/A | 9.8 CRITICAL |
|
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
|
|||||
| CVE-2025-71240 | 1 Spip | 1 Spip | 2026-02-24 | N/A | 5.4 MEDIUM |
|
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
|
|||||
| CVE-2025-2149 | 1 Linuxfoundation | 1 Pytorch | 2026-02-24 | 1.0 LOW | 2.5 LOW |
|
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-14448 | 1 Butlerblog | 1 Wp-members | 2026-02-24 | N/A | 5.4 MEDIUM |
|
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2026-25795 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-25796 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-25798 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-25799 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-25897 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 6.5 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-25989 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 7.5 HIGH |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-26066 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 6.2 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-26283 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 6.2 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-26284 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 6.5 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2026-26983 | 1 Imagemagick | 1 Imagemagick | 2026-02-24 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
|
|||||
| CVE-2025-9862 | 1 Ghost | 1 Ghost | 2026-02-24 | N/A | 6.5 MEDIUM |
|
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
|
|||||
| CVE-2026-2983 | 1 Munyweki | 1 Student Result Management System | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-21015 | 1 Samsung | 1 Android | 2026-02-24 | N/A | 4.0 MEDIUM |
|
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
|
|||||
| CVE-2026-0668 | 2 Mediawiki, Wikisphere | 2 Mediawiki, Visualdata | 2026-02-24 | N/A | 5.3 MEDIUM |
|
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
|
|||||
| CVE-2026-2984 | 1 Munyweki | 1 Student Result Management System | 2026-02-24 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2026-02-24 | 4.0 MEDIUM | 8.1 HIGH |
|
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.
Azure AD addressed this vulnerability by preventing disclosure of any private key values added to th ...
Show More |
|||||
| CVE-2025-54158 | 1 Synology | 1 Beedrive | 2026-02-24 | N/A | 7.8 HIGH |
|
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-24 | 6.8 MEDIUM | 7.6 HIGH |
|
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.
Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin ...
Show More |
|||||
| CVE-2021-40032 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 5.0 MEDIUM | 7.5 HIGH |
|
The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40027 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 5.0 MEDIUM | 7.5 HIGH |
|
The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40014 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 5.0 MEDIUM | 7.5 HIGH |
|
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 2.1 LOW | 4.6 MEDIUM |
|
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.
|
|||||