Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,487
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,181 - 11,200 of 13,246 CVEs
CVE-2026-2361 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privi...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2360 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is highe...

Published: Feb 11, 2026
Source: NVD
CVE-2025-70084 HIGH - 7.5

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70083 HIGH - 7.8

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName i...

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70029 HIGH - 7.5

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65480 HIGH - 8.8

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65127 HIGH - 7.5

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtai...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2250 HIGH - 7.5

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to...

Published: Feb 11, 2026
Source: NVD
CVE-2025-52541 HIGH - 7.3

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Vendor: AMD
Product: Vivado™ Installation (Windows)
Published: Feb 11, 2026
Source: NVD
CVE-2025-48503 HIGH - 7.8

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2024-36324 HIGH - 8.8

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2019-25310 HIGH - 7.8

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated adm...

Vendor: Actfax
Product: ActiveFax Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25309 HIGH - 7.8

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will b...

Vendor: Zilab Software Inc
Product: Zilab Remote Console Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25308 HIGH - 7.8

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

Vendor: LiteManager Team
Product: Mikogo
Published: Feb 11, 2026
Source: NVD
CVE-2019-25307 HIGH - 7.8

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges duri...

Vendor: Softalk
Product: WorkgroupMail
Published: Feb 11, 2026
Source: NVD
CVE-2019-25306 HIGH - 7.8

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSyste...

Vendor: Blackmoon
Product: BlackMoon FTP Server
Published: Feb 11, 2026
Source: NVD
CVE-2026-26010 HIGH - 7.6

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingest...

Vendor: maven
Product: org.open-metadata:openmetadata-sdk
Published: Feb 11, 2026
Source: GitHub
CVE-2026-25990 HIGH - 7.5

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Vendor: pip
Product: pillow
Published: Feb 11, 2026
Source: GitHub
CVE-2026-0910 HIGH - 8.8

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level access and ...

Published: Feb 11, 2026
Source: NVD
CVE-2025-57713 HIGH - 7.5

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD