Total
335269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2026-02-25 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | ||||
| CVE-2023-27990 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2026-02-25 | 4.8 Medium |
| The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | ||||
| CVE-2023-26935 | 2026-02-25 | N/A | ||
| ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | ||||
| CVE-2023-26934 | 2026-02-25 | N/A | ||
| ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | ||||
| CVE-2023-26303 | 1 Executablebooks | 1 Markdown-it-py | 2026-02-25 | 3.3 Low |
| Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | ||||
| CVE-2023-26302 | 1 Executablebooks | 1 Markdown-it-py | 2026-02-25 | 3.3 Low |
| Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | ||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | 7.5 High |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||
| CVE-2026-21912 | 2 Juniper, Juniper Networks | 6 Junos, Lc2101, Lc480 and 3 more | 2026-02-25 | 5.5 Medium |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series: * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2. | ||||
| CVE-2026-1849 | 1 Mongodb | 1 Mongodb | 2026-02-25 | 6.5 Medium |
| MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression. | ||||
| CVE-2026-21910 | 2 Juniper, Juniper Networks | 22 Ex-series, Ex4000, Ex4100 and 19 more | 2026-02-25 | 6.5 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS). On all EX4k and QFX5k platforms, a link flap in an EVPN-VXLAN configuration Link Aggregation Group (LAG) results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination. This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650. Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command. This issue affects Junos OS on EX4k and QFX5k Series: * all versions before 21.4R3-S12, * all versions of 22.2 * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2. | ||||
| CVE-2023-0919 | 1 Kavitareader | 1 Kavita | 2026-02-25 | 8.1 High |
| Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | ||||
| CVE-2023-0567 | 3 Php, Php Group, Redhat | 3 Php, Php, Enterprise Linux | 2026-02-25 | 7.7 High |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | ||||
| CVE-2023-0342 | 1 Mongodb | 1 Ops Manager Server | 2026-02-25 | 3.1 Low |
| MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | ||||
| CVE-2023-0026 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-02-25 | 7.5 High |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. | ||||
| CVE-2026-1850 | 1 Mongodb | 1 Mongodb | 2026-02-25 | 6.5 Medium |
| Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. | ||||
| CVE-2026-25609 | 1 Mongodb | 1 Mongodb | 2026-02-25 | 5.4 Medium |
| Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. | ||||
| CVE-2025-0577 | 1 Redhat | 1 Enterprise Linux | 2026-02-25 | 4.8 Medium |
| An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions. | ||||
| CVE-2023-22524 | 2 Apple, Atlassian | 2 Macos, Companion | 2026-02-25 | 9.8 Critical |
| Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. | ||||
| CVE-2023-22523 | 1 Atlassian | 3 Assets Discovery Cloud, Assets Discovery Data Center, Assets Discovery Data Server | 2026-02-25 | 8.8 High |
| This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. | ||||
| CVE-2026-27645 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-02-25 | 6.1 Medium |
| changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser parses and executes injected JavaScript. Version 0.54.1 contains a fix for the issue. | ||||