Total: 331355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47364 | | | 2026-02-03 | N/A | 6.8 MEDIUM |
| Memory corruption while calculating offset from partition start point. | |||||
| CVE-2025-47363 | | | 2026-02-03 | N/A | 6.8 MEDIUM |
| Memory corruption when calculating oversized partition sizes without proper checks. | |||||
| CVE-2022-50952 | | | 2026-02-03 | N/A | 6.4 MEDIUM |
| Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction. | |||||
| CVE-2020-37046 | | | 2026-02-03 | N/A | 5.3 MEDIUM |
| Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent. | |||||
| CVE-2020-37063 | | | 2026-02-03 | N/A | 7.8 HIGH |
| TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | |||||
| CVE-2026-1757 | | | 2026-02-03 | N/A | 6.2 MEDIUM |
| A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system. | |||||
| CVE-2026-23030 | | | 2026-02-03 | N/A | N/A |
| In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe(). The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with child_np already released, the code will jump to the put_child label and will call of_node_put() again if devm_request_threaded_irq() fails. This causes a double free bug. Fix by returning directly to avoid the duplicate of_node_put(). | |||||
| CVE-2026-1738 | | | 2026-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed. | |||||
| CVE-2024-54263 | | | 2026-02-03 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affects Spirit Framework: from n/a through 1.2.13. | |||||
| CVE-2025-7105 | | | 2026-02-03 | N/A | 5.7 MEDIUM |
| A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product. | |||||
| CVE-2020-37061 | | | 2026-02-03 | N/A | 7.8 HIGH |
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | |||||
| CVE-2021-47917 | | | 2026-02-03 | N/A | 6.4 MEDIUM |
| Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | |||||
| CVE-2020-37057 | | | 2026-02-03 | N/A | 8.2 HIGH |
| Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. | |||||
| CVE-2026-0630 | | | 2026-02-03 | N/A | N/A |
| An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (web modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | |||||
| CVE-2025-47358 | | | 2026-02-03 | N/A | 7.8 HIGH |
| Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | |||||
| CVE-2026-23039 | | | 2026-02-03 | N/A | N/A |
| In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect. On disconnect, drm_atomic_helper_disable_all() is called, which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every display disconnect. Add guards for those dereferences. | |||||
| CVE-2022-50976 | | | 2026-02-03 | N/A | 7.7 HIGH |
| A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. | |||||
| CVE-2020-37035 | | | 2026-02-03 | N/A | 8.2 HIGH |
| e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information. | |||||
| CVE-2020-37051 | | | 2026-02-03 | N/A | 8.2 HIGH |
| Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters. | |||||
| CVE-2021-47918 | | | 2026-02-03 | N/A | 8.1 HIGH |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | |||||
