Export limit exceeded: 12584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12584 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-16910 1 Microsoft 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more 2026-02-23 6.2 Medium
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p>
CVE-2020-16222 1 Philips 2 Patient Information Center Ix, Performancebridge Focal Point 2026-02-23 8.8 High
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
CVE-2019-2386 1 Mongodb 1 Mongodb 2026-02-23 7.1 High
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts.
CVE-2023-6239 1 M-files 1 M-files Server 2026-02-23 5.4 Medium
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
CVE-2023-6189 1 M-files 1 M-files Server 2026-02-23 4.3 Medium
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.
CVE-2023-2480 1 M-files 1 M-files 2026-02-23 7.5 High
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
CVE-2023-2112 1 M-files 1 M-files Server 2026-02-23 3.6 Low
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
CVE-2022-4861 1 M-files 1 M-files Client 2026-02-23 4.8 Medium
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVE-2025-15503 1 Sangfor 1 Operation And Maintenance Security Management System 2026-02-23 7.3 High
A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15495 1 Biggidroid 1 Simple Php Cms 2026-02-23 4.7 Medium
A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15458 2 1234n, Bg5sbk 2 Minicms, Minicms 2026-02-23 7.3 High
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15457 2 1234n, Bg5sbk 2 Minicms, Minicms 2026-02-23 7.3 High
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15456 2 1234n, Bg5sbk 2 Minicms, Minicms 2026-02-23 7.3 High
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The existence of this vulnerability is still disputed at present. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15455 2 1234n, Bg5sbk 2 Minicms, Minicms 2026-02-23 6.5 Medium
A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15423 2 Empiresoft, Phome 2 Empirecms, Empirecms 2026-02-23 6.3 Medium
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15415 2 Wang.market, Xnx3 2 Wangmarket, Wangmarket 2026-02-23 4.7 Medium
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15404 1 Campcodes 1 School File Management System 2026-02-23 6.3 Medium
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-59253 1 Microsoft 28 Windows, Windows 10, Windows 10 1507 and 25 more 2026-02-22 5.5 Medium
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-58714 1 Microsoft 30 Windows, Windows 10, Windows 10 1507 and 27 more 2026-02-22 7.8 High
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59280 1 Microsoft 28 Windows, Windows 10, Windows 10 1507 and 25 more 2026-02-22 3.1 Low
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.