Export limit exceeded: 24496 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24496 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24473 | 1 Hono | 1 Hono | 2026-02-04 | 5.3 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment. Improper validation of user-controlled paths can result in unintended access to internal asset keys. Version 4.11.7 contains a patch for the issue. | ||||
| CVE-2025-6593 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-02-04 | N/A |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. | ||||
| CVE-2025-6590 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-02-04 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0. | ||||
| CVE-2025-61639 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-02-04 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2026-0950 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-02-04 | 5.3 Medium |
| The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in the `render_excerpt()` function and the `uagb_get_excerpt()` helper function. This makes it possible for unauthenticated attackers to read excerpts of password-protected posts by simply viewing any page that contains a Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline block. | ||||
| CVE-2025-67476 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-02-04 | 4.3 Medium |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | ||||
| CVE-2025-12773 | 1 Brocade | 1 Sannav | 2026-02-04 | N/A |
| A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnav database password. | ||||
| CVE-2025-8590 | 1 Akce | 1 Skspro | 2026-02-04 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026. | ||||
| CVE-2026-1371 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-02-04 | 5.3 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verify user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive coupon information including coupon codes, discount amounts, usage statistics, and course/bundle applications. | ||||
| CVE-2026-24992 | 2 Wordpress, Wpfactory | 2 Wordpress, Advanced Woocommerce Product Sales Reporting | 2026-02-04 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.2. | ||||
| CVE-2026-0818 | 1 Mozilla | 1 Thunderbird | 2026-02-04 | 4.3 Medium |
| When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1. | ||||
| CVE-2025-13033 | 1 Redhat | 3 Acm, Ceph Storage, Rhdh | 2026-02-03 | 7.5 High |
| A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls. | ||||
| CVE-2025-11065 | 1 Redhat | 13 Acm, Advanced Cluster Security, Certifications and 10 more | 2026-02-03 | 5.3 Medium |
| A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts. | ||||
| CVE-2025-13428 | 1 Google | 2 Cloud Secops Soar Server, Security Operations Soar | 2026-02-03 | 7.2 High |
| A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher. | ||||
| CVE-2025-65397 | 1 Blurams | 3 Dome Flare, Dome Flare Firmware, Flare Camera | 2026-02-03 | 6.8 Medium |
| An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card. | ||||
| CVE-2025-71003 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71007 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-71009 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. | ||||
| CVE-2025-71011 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 6.2 Medium |
| An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-63205 | 1 Bridgetech | 11 Nomad, Nomad Portable, Nomad Portable Firmware and 8 more | 2026-02-03 | 7.5 High |
| An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed. | ||||