CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/17 2:16 p.m.•4 views

AZL-78129 CVE-2026-25087 affecting package libarrow 15.0.0-7

UbuntuCve•added 2026/02/17 2:16 p.m.•0 views

CVE-2026-25087

7CVSS5.9AI score0.00807EPSS

Exploits0References3

Tenable Product Security Advisories•added 2026/02/17 1:32 p.m.•4 views

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2

R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

6.5AI score

Tenable Product Security Advisories•added 2026/02/17 1:32 p.m.•7 views

[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2

R2 Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

6.5AI score

CVE•added 2026/02/17 1:18 p.m.•30 views

CVE-2026-25087

CVE-2026-25087 (Apache Arrow C++) details : A use-after-free vulnerability affects Arrow C++ 15.0.0–23.0.0. It can be triggered when reading an Arrow IPC file (not an IPC stream) with pre-buffering enabled, if the IPC file contains variadic buffers (e.g., Binary View and String View data). Depend...

7CVSS5.7AI score0.00807EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/02/17 1:18 p.m.•26 views

CVE-2026-25087 Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering

0.00807EPSS

Exploits0References2

Debian CVE•added 2026/02/17 1:18 p.m.•3 views

CVE-2026-25087

OSV•added 2026/02/17 12:31 p.m.•2 views

GHSA-C5W7-M8WF-XC77 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS

Exploits0References6

IBM Security Bulletins•added 2026/02/17 12:4 p.m.•12 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

7.5CVSS6.5AI score0.03026EPSS

Exploits3Affected Software1

vulnersOsv•added 2026/02/17 10:54 a.m.•4 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: SNYK:JAVA-ORGAPACHENIFI-15304459...

8.7CVSS7.4AI score0.0075EPSS

Vulnrichment•added 2026/02/17 9:54 a.m.•3 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

8.7CVSS5.6AI score0.0075EPSS

CVE•added 2026/02/17 9:54 a.m.•30 views

CVE-2026-25903

Summary: CVE-2026-25903 affects Apache NiFi 1.1.0–2.7.2, where updating configuration properties on extension components with Restricted annotation permissions bypasses some authorization checks. This can allow a user with lower privileges to modify properties for components that require higher p...

8.7CVSS5.6AI score0.0075EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/02/17 12:0 a.m.•4 views

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. There are security vulnerabilities in Apache NiFi versions 1.1.0 to 2.7.2...

8.7CVSS7.5AI score0.0075EPSS

Exploits0References2

CNNVD•added 2026/02/17 12:0 a.m.•5 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.14, from 10.1.0-M1 to 10.1.49, from 9.0.0-M1 to 9.0.11...

9.1CVSS6.8AI score0.00235EPSS

CNNVD•added 2026/02/17 12:0 a.m.•4 views

Apache Tomcat和Apache Tomcat Native 输入验证错误漏洞

Apache Tomcat and Apache Tomcat Native are both products of the Apache Foundation in the United States. Apache Tomcat is a lightweight web application server that supports Servlet and JavaServer Page JSP technologies. Apache Tomcat Native is a native component library. There is an input validatio...

7.5CVSS6.6AI score0.00218EPSS

Exploits0References2

CNNVD•added 2026/02/17 12:0 a.m.•6 views

Apache Arrow 安全漏洞

Apache Arrow is a cross-language development platform for memory data processing, developed by the Apache Foundation in the United States. This platform supports programming languages such as C, C++, C, Go, and Java, and provides features like inter-process communication. Versions of Apache Arrow...