Search Results (5437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-2260 2 D-link, Dlink 3 Dcs-931l, Dcs-931l, Dcs-931l Firmware 2026-02-12 7.2 High
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2026-2000 1 Dcn 1 Dcme-320 2026-02-12 4.7 Medium
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-67221 1 Ijl 1 Orjson 2026-02-12 7.5 High
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
CVE-2025-57708 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 6.5 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57710 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-57711 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-58471 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 4.9 Medium
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.2.0.1 ( 2025/12/21 ) and later
CVE-2025-54149 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54150 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2025-54151 2 Qnap, Qnap Systems 2 Qsync Central, Qsync Central 2026-02-12 5.5 Medium
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVE-2026-21720 1 Grafana 2 Grafana, Grafana Enterprise 2026-02-12 7.5 High
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.
CVE-2021-26381 1 Amd 17 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 14 more 2026-02-12 N/A
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.
CVE-2026-21522 1 Microsoft 3 Confcom, Confidental Containers, Microsoft Aci Confidential Containers 2026-02-11 6.7 Medium
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-20841 1 Microsoft 2 Window Notepad, Windows Notepad 2026-02-11 8.8 High
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
CVE-2026-1848 1 Mongodb 1 Mongodb 2026-02-11 7.5 High
Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.
CVE-2026-1850 1 Mongodb 1 Mongodb 2026-02-11 6.5 Medium
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.
CVE-2026-1458 1 Gitlab 1 Gitlab 2026-02-11 6.5 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.
CVE-2026-1456 1 Gitlab 1 Gitlab 2026-02-11 6.5 Medium
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.
CVE-2026-1387 1 Gitlab 1 Gitlab 2026-02-11 6.5 Medium
GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.
CVE-2025-8099 1 Gitlab 1 Gitlab 2026-02-11 7.5 High
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.