Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing 11,141 - 11,160 of 14,604 CVEs
CVE-2026-2860 MEDIUM - 6.3

A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to initiate the attack rem...

Published: Feb 21, 2026
Source: NVD
CVE-2025-65995 MEDIUM - 6.5

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issu...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Feb 21, 2026
Source: NVD
CVE-2026-27189 MEDIUM - 6.6

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across...

Vendor: OpenSift
Product: OpenSift
Published: Feb 21, 2026
Source: NVD
CVE-2026-27147 MEDIUM - 5.4

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious...

Vendor: GetSimpleCMS-CE
Product: GetSimpleCMS-CE
Published: Feb 21, 2026
Source: NVD
CVE-2026-27146 MEDIUM - 4.5

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The re...

Vendor: GetSimpleCMS-CE
Product: GetSimpleCMS-CE
Published: Feb 21, 2026
Source: NVD
CVE-2026-2490 MEDIUM - 5.5

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged cod...

Published: Feb 20, 2026
Source: NVD
CVE-2026-2035 MEDIUM - 6.8

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw ex...

Published: Feb 20, 2026
Source: NVD
CVE-2026-27133 MEDIUM - 5.9

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect operan...

Vendor: strimzi
Product: strimzi-kafka-operator
Published: Feb 20, 2026
Source: NVD
CVE-2019-25453 MEDIUM - 6.1

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users...

Vendor: Phpmoadmin
Product: phpMoAdmin
Published: Feb 20, 2026
Source: NVD
CVE-2019-25451 MEDIUM - 4.3

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection t...

Vendor: Phpmoadmin
Product: phpMoAdmin
Published: Feb 20, 2026
Source: NVD
CVE-2019-25449 MEDIUM - 6.1

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitra...

Vendor: Orientdb
Product: OrientDB
Published: Feb 20, 2026
Source: NVD
CVE-2019-25448 MEDIUM - 6.4

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execu...

Vendor: Orientdb
Product: OrientDB
Published: Feb 20, 2026
Source: NVD
CVE-2019-25447 MEDIUM - 4.3

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manag...

Vendor: Orientdb
Product: OrientDB
Published: Feb 20, 2026
Source: NVD
CVE-2019-25437 MEDIUM - 6.2

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an appli...

Vendor: Foscam
Product: Foscam Video Management System
Published: Feb 20, 2026
Source: NVD
CVE-2019-25436 MEDIUM - 6.5

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to by...

Vendor: Sricam
Product: DeviceViewer
Published: Feb 20, 2026
Source: NVD
CVE-2026-27113 MEDIUM - 6.3

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git reposito...

Vendor: liquidprompt
Product: liquidprompt
Published: Feb 20, 2026
Source: NVD
CVE-2026-27576 MEDIUM - 4.0

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integra...

Vendor: npm
Product: openclaw
Published: Feb 20, 2026
Source: GitHub
CVE-2026-27482 MEDIUM - 5.9

Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or...

Vendor: pip
Product: ray
Published: Feb 20, 2026
Source: GitHub
CVE-2026-27568 MEDIUM - 6.1

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing `javascript:` URIs to be rendered as clickable links. An authenticated low-priv...

Vendor: composer
Product: wwbn/avideo
Published: Feb 20, 2026
Source: GitHub
CVE-2026-27492 MEDIUM - 4.7

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This can cause properties from a prev...

Vendor: npm
Product: lettermint
Published: Feb 20, 2026
Source: GitHub