Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,712
Showing 11,161 - 11,180 of 14,108 CVEs
CVE-2026-2865 HIGH - 7.3

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be initia...

Vendor: adonesevangelista
Product: agri-trading_online_shopping_system
Published: Feb 21, 2026
Source: NVD
CVE-2026-27470 HIGH - 8.8

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name a...

Vendor: ZoneMinder
Product: zoneminder
Published: Feb 21, 2026
Source: NVD
CVE-2026-27466 HIGH - 7.2

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable to Denial of Service. The flawed command expos...

Vendor: bigbluebutton
Product: bigbluebutton
Published: Feb 21, 2026
Source: NVD
CVE-2026-27464 HIGH - 7.7

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileged ...

Vendor: metabase
Product: metabase
Published: Feb 21, 2026
Source: NVD
CVE-2026-26046 HIGH - 7.2

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could r...

Vendor: moodle
Product: moodle
Published: Feb 21, 2026
Source: NVD
CVE-2026-26045 HIGH - 7.2

A flaw was identified in Moodle's backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to ...

Vendor: composer
Product: moodle/moodle
Published: Feb 21, 2026
Source: NVD
CVE-2026-27202 HIGH - 7.5

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

Vendor: GetSimpleCMS-CE
Product: GetSimpleCMS-CE
Published: Feb 21, 2026
Source: NVD
CVE-2026-27170 HIGH - 7.1

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local netwo...

Vendor: OpenSift
Product: OpenSift
Published: Feb 21, 2026
Source: NVD
CVE-2026-27169 HIGH - 8.9

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when lat...

Vendor: OpenSift
Product: OpenSift
Published: Feb 21, 2026
Source: NVD
CVE-2026-27168 HIGH - 8.8

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file as the read size in...

Vendor: HappySeaFox
Product: sail
Published: Feb 21, 2026
Source: NVD
CVE-2026-27161 HIGH - 7.5

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignore...

Vendor: GetSimpleCMS-CE
Product: GetSimpleCMS-CE
Published: Feb 21, 2026
Source: NVD
CVE-2026-27134 HIGH - 8.1

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted certi...

Vendor: strimzi
Product: strimzi-kafka-operator
Published: Feb 21, 2026
Source: NVD
CVE-2026-2492 HIGH - 7.0

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system i...

Published: Feb 20, 2026
Source: NVD
CVE-2026-2048 HIGH - 7.8

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...

Vendor: gimp
Product: gimp
Published: Feb 20, 2026
Source: NVD
CVE-2026-2047 HIGH - 7.8

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ...

Vendor: gimp
Product: gimp
Published: Feb 20, 2026
Source: NVD
CVE-2026-2045 HIGH - 7.8

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m...

Vendor: gimp
Product: gimp
Published: Feb 20, 2026
Source: NVD
CVE-2026-2044 HIGH - 7.8

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ...

Vendor: gimp
Product: gimp
Published: Feb 20, 2026
Source: NVD
CVE-2026-2043 HIGH - 7.2

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists w...

Vendor: nagios
Product: nagios_xi
Published: Feb 20, 2026
Source: NVD
CVE-2026-2042 HIGH - 7.2

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoring...

Vendor: nagios
Product: nagios_xi
Published: Feb 20, 2026
Source: NVD
CVE-2026-2041 HIGH - 7.2

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...

Vendor: nagios
Product: nagios_xi
Published: Feb 20, 2026
Source: NVD