CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/02/11 12:0 a.m.•4 views

PT-2026-7532

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A use of externally-controlled format string issue exists in Qsync Central. A remote attacker who obtains a user account may be able to obtain secret data or modify memory. The issue involves...

8.1CVSS5.4AI score0.00062EPSS

Exploits0References5

ATTACKERKB•added 2026/02/11 12:0 a.m.•2 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

5.3AI score0.0005EPSS

CVE•added 2026/02/11 12:0 a.m.•8 views

CVE-2024-50617

CVE-2024-50617 affects CIPPlanner CIPAce (prior to 9.17) in the File Download and Get File handler components. An authenticated user can modify the file id parameter or pass a physical file path in the URL query to retrieve files that should require data access permissions for documents, enabling...

7.5CVSS5.3AI score0.0005EPSS

Exploits0References1Affected Software1

Oracle linux•added 2026/02/11 12:0 a.m.•5 views

glib2 security update

2.56.1-9.0.3 - Fixes CVE-2025-13601 gescapeuristring overflow Orabug: 38909821 2.56.1-9.0.1 - Fix overflow of GDBusConnection serial Orabug: 38666376...

7.7CVSS5.5AI score0.00013EPSS

Exploits1

ATTACKERKB•added 2026/02/11 12:0 a.m.•2 views

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

6AI score0.00065EPSS

Exploits0References5

RedHat Linux•added 2026/02/10 8:17 p.m.•1 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

RedHat Linux•added 2026/02/10 7:17 p.m.•3 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

RedHat Linux•added 2026/02/10 6:26 p.m.•1 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

NVD•added 2026/02/10 6:16 p.m.•3 views

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

9.8CVSS0.00043EPSS

RedHat Linux•added 2026/02/10 5:54 p.m.•1 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

NVD•added 2026/02/10 4:16 p.m.•2 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

7.2CVSS0.00016EPSS

OSV•added 2026/02/10 4:16 p.m.•2 views

CVE-2025-64157

7.2CVSS6AI score

Exploits0References1

Cvelist•added 2026/02/10 3:39 p.m.•23 views

CVE-2025-64157

6.7CVSS0.00016EPSS

Exploits0References1

CVE•added 2026/02/10 3:39 p.m.•16 views

CVE-2025-64157

CVE-2025-64157 affects Fortinet FortiOS versions 7.0–7.6.4 (and 7.4.x, 7.2.x, 7.6.x ranges as listed) where an authenticated administrator can trigger unauthorized code execution via specifically crafted configuration due to an externally-controlled format string. Multiple connected sources (Fort...

7.2CVSS5.8AI score0.00016EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/10 3:39 p.m.•2 views

CVE-2025-64157

6.7CVSS5.8AI score0.00016EPSS

Exploits0References1

RedHat Linux•added 2026/02/10 1:45 p.m.•8 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00019EPSS

Exploits2References8

Positive Technologies•added 2026/02/10 12:0 a.m.•3 views

PT-2026-7276

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.0 through 7.2.11 Fortinet FortiOS versions 7.4.0 through 7.4.9 Fortinet FortiOS versions 7.6.0 through 7.6.4 Description An issue exists in Fortinet FortiOS where a use of externally-controlled format string can all...

7.2CVSS5.6AI score0.00016EPSS

Exploits0References3

Tenable Nessus•added 2026/02/10 12:0 a.m.•6 views

Fortinet Fortigate Format String in CAPWAP fast-failover mode (FG-IR-25-795)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-795 advisory. - A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through...

7.2CVSS5.9AI score0.00016EPSS

CNNVD•added 2026/02/10 12:0 a.m.•3 views

Fortinet FortiOS 格式化字符串错误漏洞

Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features such as firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and anti-spam...

7.2CVSS6.1AI score0.00016EPSS