6.5

CVSS3.1

CVE-2025-70044 -

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: Feb. 26, 2026, 8:06 p.m.

9.1

CVSS3.1

CVE-2025-70043 -

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.4

CVSS3.1

CVE-2025-70058 -

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: Feb. 26, 2026, 8:03 p.m.

6.2

CVSS3.1

CVE-2025-61147 -

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: March 24, 2026, 12:25 p.m.

5.5

CVSS3.1

CVE-2025-61143 - libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: Feb. 25, 2026, 3:20 p.m.

7.2

CVSS3.1

CVE-2025-14905 - 389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional forma…

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2025-71056 -

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.4

CVSS3.1

CVE-2025-63946 -

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: Feb. 26, 2026, 4:31 p.m.

8.8

CVSS3.1

CVE-2026-3063 - chromium-browser: Inappropriate implementation in DevTools

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 4:15 p.m.

9.8

CVSS3.1

CVE-2025-70327 -

TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen…

πŸ“… Published: Feb. 23, 2026, midnight πŸ”„ Last Modified: Feb. 26, 2026, 3:06 a.m.
Total resulsts: 349182
Page 1487 of 34,919
Β« previous page Β» next page
Filters