Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,921 - 10,940 of 14,221 CVEs
CVE-2026-25743 MEDIUM - 4.8

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms are displayed on the encou...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-25220 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all internal messages (all users' notes). The backend does ...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-24487 MEDIUM - 6.5

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being r...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-25736 MEDIUM - 6.1

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where a...

Vendor: pip
Product: rucio-webui
Published: Feb 25, 2026
Source: GitHub
CVE-2026-25735 MEDIUM - 6.1

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where attacker...

Vendor: pip
Product: rucio-webui
Published: Feb 25, 2026
Source: GitHub
CVE-2026-25734 MEDIUM - 6.1

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the WebUI where attacker-...

Vendor: pip
Product: rucio-webui
Published: Feb 25, 2026
Source: GitHub
CVE-2026-27799 MEDIUM - 4.0

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row ...

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: Feb 25, 2026
Source: GitHub
CVE-2026-27798 MEDIUM - 4.0

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 c...

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: Feb 25, 2026
Source: GitHub
CVE-2026-25138 MEDIUM - 5.3

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exis...

Vendor: pip
Product: rucio-webui
Published: Feb 25, 2026
Source: GitHub
CVE-2026-3194 MEDIUM - 4.5

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated...

Published: Feb 25, 2026
Source: NVD
CVE-2026-27795 MEDIUM - 4.1

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automa...

Vendor: langchain-ai
Product: langchainjs
Published: Feb 25, 2026
Source: NVD
CVE-2026-27794 MEDIUM - 6.6

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prio...

Vendor: langchain-ai
Product: langgraph-checkpoint
Published: Feb 25, 2026
Source: NVD
CVE-2026-25554 MEDIUM - 6.5

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a ...

Vendor: OpenSIPS
Product: OpenSIPS
Published: Feb 25, 2026
Source: NVD
CVE-2026-27829 MEDIUM - 6.5

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images...

Vendor: npm
Product: @astrojs/node
Published: Feb 25, 2026
Source: GitHub
CVE-2026-3192 MEDIUM - 5.6

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

Published: Feb 25, 2026
Source: NVD

The Angular SSR is a server-side rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic norma...

Vendor: angular
Product: angular-cli
Published: Feb 25, 2026
Source: NVD
CVE-2026-27736 MEDIUM - 6.1

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No know...

Vendor: bigbluebutton
Product: bigbluebutton
Published: Feb 25, 2026
Source: NVD
CVE-2026-27705 MEDIUM - 6.5

Plane is an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579–593) performs a global asset lookup using only the asset ID (`pk`) via `FileAsset.objects.get(id=pk)`, without verifying that the...

Vendor: makeplane
Product: plane
Published: Feb 25, 2026
Source: NVD
CVE-2026-26717 MEDIUM - 4.8

An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring respo...

Vendor: pip
Product: richie
Published: Feb 25, 2026
Source: NVD
CVE-2026-20133 MEDIUM - 6.5

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an ...

Vendor: Cisco
Product: Cisco Catalyst SD-WAN Manager
Published: Feb 25, 2026
Source: NVD