Total: 11917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13587 | | | 2026-02-19 | N/A | 6.5 MEDIUM |
| The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login() method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes it possible to bypass two-factor authentication by supplying any value in the 'token' parameter during login, including an empty one. | |||||
| CVE-2026-2555 | 1 Jeecg | 1 Jeecg Boot | 2026-02-18 | 4.6 MEDIUM | 5.0 MEDIUM |
| A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The attack can be launched remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-23836 | 1 Hotcrp | 1 Hotcrp | 2026-02-18 | N/A | 9.9 CRITICAL |
| HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2. | |||||
| CVE-2025-70123 | 1 Free5gc | 1 Free5gc | 2026-02-18 | N/A | 7.5 HIGH |
| An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation. | |||||
| CVE-2026-23887 | 1 Group-office | 1 Group Office | 2026-02-18 | N/A | 5.4 MEDIUM |
| Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact with these specially crafted file names within the Group-Office application are affected. While the scope is limited to the file-viewing context, it could still be used to interfere with user sessions or perform unintended actions in the browser. This issue is fixed in versions 6.8.149 and 25.0.80. | |||||
| CVE-2025-59886 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2026-02-18 | N/A | 8.8 HIGH |
| Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface could lead to an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates. | |||||
| CVE-2021-37914 | 1 Argoproj | 1 Argo Workflows | 2026-02-13 | 5.8 MEDIUM | 6.5 MEDIUM |
| In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated. | |||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-02-13 | N/A | 8.8 HIGH |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-20627 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-02-13 | N/A | 5.5 MEDIUM |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-22220 | 1 Tp-link | 2 Archer Be230, Archer Be230 Firmware | 2026-02-13 | N/A | 4.5 MEDIUM |
| A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | |||||
| CVE-2026-0404 | 1 Netgear | 24 Rbr750, Rbr750 Firmware, Rbr840 and 21 more | 2026-02-12 | N/A | 8.0 HIGH |
| An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. | |||||
| CVE-2025-12131 | 1 Silabs | 1 Simplicity Software Development Kit | 2026-02-12 | N/A | 6.5 MEDIUM |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | |||||
| CVE-2025-27023 | 1 Nokia | 2 G42, G42 Firmware | 2026-02-11 | N/A | 6.5 MEDIUM |
| Lack or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way. | |||||
| CVE-2026-21229 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-11 | N/A | 8.0 HIGH |
| Improper input validation in Power BI allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-21247 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-02-11 | N/A | 7.3 HIGH |
| Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | |||||
| CVE-2026-23571 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.8 MEDIUM |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious commands injected into the instruction’s input field. Users of 1E Client version 24.5 or higher are not affected. | |||||
| CVE-2026-23570 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
| A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes, compromising log integrity and forensic correlation. | |||||
| CVE-2026-23566 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-02-11 | N/A | 6.5 MEDIUM |
| A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation. | |||||
| CVE-2026-21258 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-02-11 | N/A | 5.5 MEDIUM |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 7.2 HIGH |
| Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | |||||
