Search Results (577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-21299 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 7.1 High
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-29809 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 7.1 High
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-48807 1 Microsoft 23 Hyper-v, Server, Windows and 20 more 2026-02-13 6.7 Medium
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2025-49734 1 Microsoft 23 Powershell, Windows, Windows 10 and 20 more 2026-02-13 7 High
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-2241 1 Redhat 2 Acm, Multicluster Engine 2026-02-12 8.2 High
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
CVE-2025-15464 1 Yintibao 2 Fun Print, Fun Print Mobile 2026-02-12 7.5 High
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
CVE-2025-10464 1 Birtech Information Technologies Industry And Trade 1 Senseway 2026-02-11 6.5 Medium
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-70963 1 Getgophish 1 Gophish 2026-02-10 7.6 High
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
CVE-2025-58742 2 Microsoft, Milner 2 Windows, Imagedirector Capture 2026-02-10 5.9 Medium
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication.This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
CVE-2025-20912 1 Samsung 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more 2026-02-02 6.2 Medium
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
CVE-2024-55931 1 Xerox 1 Workplace Suite 2026-01-30 6.5 Medium
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.  The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.
CVE-2025-20945 2 Samsung, Samsung Mobile 12 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 9 more 2026-01-27 4 Medium
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
CVE-2024-47490 1 Juniper 8 Acx7020, Acx7024, Acx7024x and 5 more 2026-01-26 8.2 High
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.  This issue affects Junos OS Evolved ACX 7000 Series:  * All versions before 21.4R3-S9-EVO, * 22.2-EVO before 22.2R3-S4-EVO,  * 22.3-EVO before 22.3R3-S3-EVO,  * 22.4-EVO before 22.4R3-S2-EVO,  * 23.2-EVO before 23.2R2-EVO,  * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
CVE-2025-14376 1 Rockwellautomation 1 Verve Asset Manager 2026-01-26 N/A
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
CVE-2024-39537 1 Juniper 7 Acx7020, Acx7024, Acx7024x and 4 more 2026-01-22 6.5 Medium
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.
CVE-2025-61939 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2026-01-22 8.8 High
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker controlled device.
CVE-2024-37144 1 Dell 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more 2026-01-22 8.2 High
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.
CVE-2025-12357 2 Iec, Iso 15118-2 Network And Application Protocol Requirements 2 Ev Car Chargers, Ev Car Chargers 2026-01-15 8.3 High
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
CVE-2023-30767 1 Intel 1 Optimization For Tensorflow 2026-01-14 5.5 Medium
Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-21045 1 Samsung 12 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 9 more 2026-01-09 4 Medium
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.