Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,821 - 10,840 of 14,221 CVEs
CVE-2026-3269 MEDIUM - 4.3

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of s...

Vendor: maven
Product: com.github.psi-probe:psi-probe-core
Published: Feb 27, 2026
Source: NVD
CVE-2026-27773 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: SWITCH EV
Product: swtchenergy.com
Published: Feb 27, 2026
Source: NVD
CVE-2026-22890 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: EV2GO
Product: ev2go.io
Published: Feb 27, 2026
Source: NVD
CVE-2026-20791 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: Chargemap
Product: chargemap.com
Published: Feb 27, 2026
Source: NVD
CVE-2026-20733 MEDIUM - 6.5

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

Vendor: CloudCharge
Product: cloudcharge.se
Published: Feb 27, 2026
Source: NVD
CVE-2026-1585 MEDIUM - 6.7

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.

Published: Feb 27, 2026
Source: NVD
CVE-2026-3268 MEDIUM - 5.4

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in impr...

Published: Feb 26, 2026
Source: NVD
CVE-2026-3265 MEDIUM - 6.3

A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit...

Vendor: go2ismail
Product: free-crm
Published: Feb 26, 2026
Source: NVD
CVE-2026-3264 MEDIUM - 6.3

A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead to execution after redirect. The attack can be executed remotely. The...

Vendor: go2ismail
Product: free-crm
Published: Feb 26, 2026
Source: NVD
CVE-2026-28280 MEDIUM - 6.1

osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS) vulnerability exists in the `osctrl-admin` on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payl...

Vendor: jmpsec
Product: osctrl
Published: Feb 26, 2026
Source: NVD
CVE-2026-28269 MEDIUM - 5.9

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access. Versi...

Vendor: kiteworks
Product: security-advisories
Published: Feb 26, 2026
Source: NVD
CVE-2026-28230 MEDIUM - 6.3

SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction solely by transactionId (a sequential integer starting from 1) without verifying that the requesting charger matches t...

Vendor: steve-community
Product: steve
Published: Feb 26, 2026
Source: NVD
CVE-2026-28226 MEDIUM - 6.5

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint. The endpoint constructs a raw SQL query and concatenates the user-controlle...

Vendor: phishingclub
Product: phishingclub
Published: Feb 26, 2026
Source: NVD
CVE-2026-28225 MEDIUM - 5.3

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the `get_model` method in `ModelFilesController` (line 158-160) loads models using `Model.find_param(params[:model_id])` without `policy_scop...

Vendor: manyfold3d
Product: manyfold
Published: Feb 26, 2026
Source: NVD
CVE-2026-28217 MEDIUM - 6.5

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containing HTTP requests with headers and potentially...

Vendor: hoppscotch
Product: hoppscotch
Published: Feb 26, 2026
Source: NVD
CVE-2026-28208 MEDIUM - 5.9

Junrar is an open source Java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix....

Vendor: junrar
Product: junrar
Published: Feb 26, 2026
Source: NVD
CVE-2026-28207 MEDIUM - 6.6

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the `-o` command...

Vendor: z-libs
Product: Zen-C
Published: Feb 26, 2026
Source: NVD
CVE-2026-27839 MEDIUM - 4.3

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three `nutritional_values` action endpoints fetch objects via `Model.objects.get(pk=pk)` — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private ...

Vendor: wger-project
Product: wger
Published: Feb 26, 2026
Source: NVD
CVE-2026-3263 MEDIUM - 6.3

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitatio...

Vendor: go2ismail
Product: asp.net-core-inventory-order-management-system
Published: Feb 26, 2026
Source: NVD
CVE-2026-3262 MEDIUM - 6.3

A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been discl...

Vendor: go2ismail
Product: asp.net-core-inventory-order-management-system
Published: Feb 26, 2026
Source: NVD