Search
Search Results (333061 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26299 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26298 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26297 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26296 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2026-26295 | 2026-02-14 | N/A | ||
| Not used | ||||
| CVE-2025-9293 | 2 Tp-link, Tp Link | 14 Aginet App, Deco App, Festa App and 11 more | 2026-02-13 | N/A |
| A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. | ||||
| CVE-2025-9292 | 1 Tp-link | 1 Omada Cloud Controller | 2026-02-13 | N/A |
| A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required. | ||||
| CVE-2025-55338 | 1 Microsoft | 26 Bitlocker, Windows, Windows 10 and 23 more | 2026-02-13 | 6.1 Medium |
| Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-59213 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-60711 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 6.3 Medium |
| Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59501 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 4.8 Medium |
| Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2026-02-13 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59503 | 1 Microsoft | 2 Azure, Azure Compute Resource Provider | 2026-02-13 | 10 Critical |
| Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2026-02-13 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59286 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-13 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55321 | 1 Microsoft | 1 Azure Monitor | 2026-02-13 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59272 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-13 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | ||||
| CVE-2025-59271 | 1 Microsoft | 3 Azure Cache For Redis, Azure Cache For Redis Enterprise, Azure Managed Redis | 2026-02-13 | 8.7 High |
| Redis Enterprise Elevation of Privilege Vulnerability | ||||
| CVE-2025-59252 | 1 Microsoft | 3 365, 365 Copilot, 365 Word Copilot | 2026-02-13 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2026-02-13 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||