Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,488
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,161 - 11,180 of 13,246 CVEs
CVE-2020-37185 HIGH - 7.5

Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

Vendor: Nsasoft
Product: Nsauditor Backup Key Recovery
Published: Feb 11, 2026
Source: NVD
CVE-2020-37182 HIGH - 7.5

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in pro...

Vendor: troglobit
Product: Redir
Published: Feb 11, 2026
Source: NVD
CVE-2020-37180 HIGH - 7.5

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.

Vendor: Nsasoft
Product: Nsauditor GTalk Password Finder
Published: Feb 11, 2026
Source: NVD
CVE-2020-37179 HIGH - 7.5

APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

Vendor: Nsasoft
Product: Nsauditor APKF Product Key Finder
Published: Feb 11, 2026
Source: NVD
CVE-2020-37178 HIGH - 7.5

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

Vendor: Keepass
Product: KeePass Password Safe
Published: Feb 11, 2026
Source: NVD
CVE-2020-37177 HIGH - 7.5

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH ch...

Vendor: Weird Solutions
Product: BOOTP Turbo
Published: Feb 11, 2026
Source: NVD
CVE-2020-37175 HIGH - 7.5

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.

Vendor: Ka Ming Cheung
Product: P2PWIFICAM2 for iOS
Published: Feb 11, 2026
Source: NVD
CVE-2020-37173 HIGH - 7.5

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_...

Vendor: AVideo
Product: AVideo Platform
Published: Feb 11, 2026
Source: NVD
CVE-2020-37104 HIGH - 7.5

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database inf...

Vendor: ASTPP
Product: ASTPP
Published: Feb 11, 2026
Source: NVD
CVE-2024-26480 HIGH - 7.5

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.

Published: Feb 11, 2026
Source: NVD
CVE-2024-26477 HIGH - 7.5

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.

Published: Feb 11, 2026
Source: NVD
CVE-2026-2321 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2319 HIGH - 7.5

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2315 HIGH - 8.8

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2314 HIGH - 8.8

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2313 HIGH - 8.8

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2025-69873 HIGH - 7.5

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() construct...

Vendor: npm
Product: ajv
Published: Feb 11, 2026
Source: NVD
CVE-2025-69871 HIGH - 8.1

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage lim...

Published: Feb 11, 2026
Source: NVD

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on h...

Vendor: go
Product: code.vikunja.io/api
Published: Feb 11, 2026
Source: GitHub
CVE-2026-25759 HIGH - 8.7

Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious...

Vendor: composer
Product: statamic/cms
Published: Feb 11, 2026
Source: GitHub