Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,941 - 10,960 of 14,221 CVEs
CVE-2026-20122 MEDIUM - 5.4

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerabi...

Vendor: Cisco
Product: Cisco Catalyst SD-WAN Manager
Published: Feb 25, 2026
Source: NVD
CVE-2026-20107 MEDIUM - 5.5

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacke...

Vendor: Cisco
Product: Cisco Application Policy Infrastructure Controller (APIC)
Published: Feb 25, 2026
Source: NVD
CVE-2026-20099 MEDIUM - 6.7

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root...

Vendor: Cisco
Product: Cisco Firepower Extensible Operating System (FXOS), Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Unified Computing System (Managed)
Published: Feb 25, 2026
Source: NVD
CVE-2026-20091 MEDIUM - 4.8

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of ...

Vendor: Cisco
Product: Cisco Firepower Extensible Operating System (FXOS), Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Unified Computing System (Managed)
Published: Feb 25, 2026
Source: NVD
CVE-2026-20037 MEDIUM - 4.4

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are giv...

Vendor: Cisco
Product: Cisco Unified Computing System (Managed)
Published: Feb 25, 2026
Source: NVD
CVE-2026-20036 MEDIUM - 6.5

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerabi...

Vendor: Cisco
Product: Cisco Unified Computing System (Managed)
Published: Feb 25, 2026
Source: NVD
CVE-2026-3188 MEDIUM - 4.3

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the attack...

Published: Feb 25, 2026
Source: NVD
CVE-2026-27846 MEDIUM - 6.2

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords. This issue affects MR9...

Vendor: Linksys
Product: MR9600, MX4200
Published: Feb 25, 2026
Source: NVD
CVE-2026-3203 MEDIUM - 5.5

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Feb 25, 2026
Source: NVD
CVE-2026-3202 MEDIUM - 4.7

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Feb 25, 2026
Source: NVD
CVE-2026-3201 MEDIUM - 4.7

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Feb 25, 2026
Source: NVD
CVE-2026-3187 MEDIUM - 6.3

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit ...

Vendor: szadmin
Product: sz-boot-parent
Published: Feb 25, 2026
Source: NVD
CVE-2026-2878 MEDIUM - 5.3

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

Vendor: progress
Product: telerik_ui_for_asp.net_ajax
Published: Feb 25, 2026
Source: NVD
CVE-2026-27695 MEDIUM - 4.3

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/s...

Vendor: zeroae
Product: zae-limiter
Published: Feb 25, 2026
Source: NVD
CVE-2026-27691 MEDIUM - 6.2

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when pro...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 25, 2026
Source: NVD
CVE-2026-3186 MEDIUM - 6.3

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default password....

Vendor: szadmin
Product: sz-boot-parent
Published: Feb 25, 2026
Source: NVD
CVE-2026-3185 MEDIUM - 5.3

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploit h...

Vendor: szadmin
Product: sz-boot-parent
Published: Feb 25, 2026
Source: NVD
CVE-2026-28195 MEDIUM - 4.3

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

Vendor: JetBrains
Product: TeamCity
Published: Feb 25, 2026
Source: NVD
CVE-2026-28194 MEDIUM - 4.3

In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow

Vendor: JetBrains
Product: TeamCity
Published: Feb 25, 2026
Source: NVD
CVE-2026-3118 MEDIUM - 6.5

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This r...

Vendor: redhat
Product: developer_hub
Published: Feb 25, 2026
Source: NVD