Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,001 - 11,020 of 14,108 CVEs
CVE-2025-67752 HIGH - 8.1

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections...

Vendor: openemr
Product: openemr
Published: Feb 25, 2026
Source: NVD
CVE-2026-3135 HIGH - 7.3

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

Vendor: clive_21
Product: news_portal_project
Published: Feb 25, 2026
Source: NVD
CVE-2026-3134 HIGH - 7.3

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has been ...

Vendor: clive_21
Product: news_portal_project
Published: Feb 25, 2026
Source: NVD
CVE-2026-3133 HIGH - 7.3

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has b...

Vendor: admerc
Product: document_management_system
Published: Feb 25, 2026
Source: NVD
CVE-2026-25899 HIGH - 7.5

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash` cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

Vendor: gofiber
Product: fiber
Published: Feb 24, 2026
Source: NVD
CVE-2026-25891 HIGH - 7.5

Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patc...

Vendor: gofiber
Product: fiber
Published: Feb 24, 2026
Source: NVD
CVE-2026-27598 HIGH - 6.5

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the `CreateNewDAG` API endpoint (`POST /api/v1/dags`) does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML fi...

Vendor: go
Product: github.com/dagu-org/dagu
Published: Feb 24, 2026
Source: GitHub
CVE-2026-24443 HIGH - 8.8

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who...

Vendor: NETIKUS.NET ltd
Product: EventSentry
Published: Feb 24, 2026
Source: NVD
CVE-2026-3105 HIGH - 7.6

Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated ag...

Vendor: composer
Product: mautic/core
Published: Feb 24, 2026
Source: NVD
CVE-2026-26340 HIGH - 7.5

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of surveilla...

Vendor: Tattile s.r.l.
Product: Smart+, Tolling+, Smart+ Speed, Smart+ Traffic Light, Axle Counter, Vega53, Vega33, Vega11, Basic MK2, ANPR Mobile
Published: Feb 24, 2026
Source: NVD
CVE-2026-22766 HIGH - 7.2

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Vendor: Dell
Product: Wyse Management Suite
Published: Feb 24, 2026
Source: NVD
CVE-2026-22765 HIGH - 8.8

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor: Dell
Product: Wyse Management Suite
Published: Feb 24, 2026
Source: NVD
CVE-2025-33181 HIGH - 7.3

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

Vendor: NVIDIA
Product: Cumulus Linux GA, Cumulus Linux LTS, NVOS
Published: Feb 24, 2026
Source: NVD
CVE-2025-33180 HIGH - 8.0

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

Vendor: NVIDIA
Product: Cumulus Linux GA, Cumulus Linux LTS, NVOS
Published: Feb 24, 2026
Source: NVD
CVE-2025-33179 HIGH - 8.0

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

Vendor: NVIDIA
Product: Cumulus Linux GA, Cumulus Linux LTS, NVOS
Published: Feb 24, 2026
Source: NVD
CVE-2025-1789 HIGH - 7.8

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Vendor: genetec
Product: genetec_update_service
Published: Feb 24, 2026
Source: NVD
CVE-2026-27468 HIGH - 8.2

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content di...

Vendor: mastodon
Product: mastodon
Published: Feb 24, 2026
Source: NVD
CVE-2025-14963 HIGH - 7.8

A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsas...

Vendor: Trellix
Product: Endpoint HX Agent (xAgent)
Published: Feb 24, 2026
Source: NVD
CVE-2026-27590 HIGH - 9.8

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because `strings....

Vendor: caddyserver
Product: caddy
Published: Feb 24, 2026
Source: NVD
CVE-2026-27588 HIGH - 9.1

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) it becomes case-sensitive due to an optimized matching path. An attacker ...

Vendor: caddyserver
Product: caddy
Published: Feb 24, 2026
Source: NVD