Total
34918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 7.2 HIGH |
| Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | |||||
| CVE-2023-36877 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
| Azure Apache Oozie Spoofing Vulnerability | |||||
| CVE-2023-23408 | 1 Microsoft | 1 Azure Hdinsight | 2026-02-11 | N/A | 4.5 MEDIUM |
| Azure Apache Ambari Spoofing Vulnerability | |||||
| CVE-2025-69983 | 1 Frangoteam | 1 Fuxa | 2026-02-11 | N/A | 9.8 CRITICAL |
| FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise. | |||||
| CVE-2025-63386 | 1 Langgenius | 1 Dify | 2026-02-11 | N/A | 9.1 CRITICAL |
| A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains to make authenticated requests. NOTE: the Supplier disputes this because the endpoint configuration is intentional to support bootstrap. | |||||
| CVE-2025-20987 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.2 MEDIUM |
| Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token. | |||||
| CVE-2025-20985 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 5.5 MEDIUM |
| Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. | |||||
| CVE-2025-20981 | 1 Samsung | 1 Android | 2026-02-10 | N/A | 6.2 MEDIUM |
| Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2020-37114 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 4.3 MEDIUM |
| GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization. | |||||
| CVE-2020-37116 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 8.8 HIGH |
| GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise. | |||||
| CVE-2025-14026 | 1 Forcepoint | 1 One Data Loss Prevention | 2026-02-10 | N/A | 7.8 HIGH |
| Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed. | |||||
| CVE-2026-24923 | 1 Huawei | 1 Harmonyos | 2026-02-10 | N/A | 6.3 MEDIUM |
| Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2026-24921 | 1 Huawei | 1 Harmonyos | 2026-02-10 | N/A | 4.8 MEDIUM |
| Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2026-24918 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-10 | N/A | 6.8 MEDIUM |
| Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-23367 | 1 Redhat | 2 Jboss Enterprise Application Platform, Wildfly | 2026-02-10 | N/A | 6.5 MEDIUM |
| A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. | |||||
| CVE-2026-24927 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-09 | N/A | 5.5 MEDIUM |
| Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-24920 | 1 Huawei | 2 Emui, Harmonyos | 2026-02-09 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-24931 | 1 Huawei | 1 Harmonyos | 2026-02-09 | N/A | 5.9 MEDIUM |
| Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2020-36926 | 1 Smartertools | 1 Smartertrack | 2026-02-09 | N/A | 7.5 HIGH |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | |||||
| CVE-2022-29164 | 1 Argoproj | 1 Argo Workflows | 2026-02-06 | 4.6 MEDIUM | 7.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. | |||||