Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 11,041 - 11,060 of 14,108 CVEs
CVE-2026-1773 HIGH - 7.5

IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of explo...

Vendor: hitachienergy
Product: rtu540_firmware
Published: Feb 24, 2026
Source: NVD
CVE-2026-2664 HIGH - 7.8

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.6...

Vendor: docker
Product: desktop
Published: Feb 24, 2026
Source: NVD
CVE-2024-56373 HIGH - 8.4

DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a re...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Feb 24, 2026
Source: NVD
CVE-2024-1524 HIGH - 7.7

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local us...

Vendor: wso2
Product: api_manager
Published: Feb 24, 2026
Source: NVD
CVE-2025-15386 HIGH - 8.8

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved.

Vendor: Unknown
Product: Responsive Lightbox & Gallery
Published: Feb 24, 2026
Source: NVD
CVE-2026-3069 HIGH - 7.3

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may b...

Vendor: admerc
Product: document_management_system
Published: Feb 24, 2026
Source: NVD
CVE-2026-3068 HIGH - 7.3

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the publi...

Vendor: admerc
Product: document_management_system
Published: Feb 24, 2026
Source: NVD
CVE-2026-25989 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(si...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-1459 HIGH - 7.2

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected devic...

Vendor: zyxel
Product: vmg8623-t50b_firmware
Published: Feb 24, 2026
Source: NVD
CVE-2025-13943 HIGH - 8.8

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Vendor: Zyxel
Product: EX3301-T0 firmware
Published: Feb 24, 2026
Source: NVD
CVE-2026-3053 HIGH - 7.3

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch ...

Vendor: dinky
Product: dinky
Published: Feb 24, 2026
Source: NVD
CVE-2026-25985 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-1...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25968 HIGH - 7.4

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25967 HIGH - 7.4

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 c...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25965 HIGH - 8.6

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypas...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-3046 HIGH - 7.3

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The manipulation of the argument profile_id leads to sql injection. Remote exploitation of the attack is po...

Vendor: emiloi
Product: e-logbook_with_health_monitoring_system_for_covid-19
Published: Feb 24, 2026
Source: NVD
CVE-2026-27642 HIGH - 7.5

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors (net/...

Vendor: free5gc
Product: udm
Published: Feb 24, 2026
Source: NVD
CVE-2026-26025 HIGH - 7.5

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstre...

Vendor: free5gc
Product: smf
Published: Feb 24, 2026
Source: NVD
CVE-2026-26024 HIGH - 7.5

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstre...

Vendor: free5gc
Product: smf
Published: Feb 24, 2026
Source: NVD
CVE-2026-25794 HIGH - 8.2

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD