Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,241 - 11,260 of 14,604 CVEs
CVE-2026-26993 MEDIUM - 4.6

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG (or other active content formats such as HTML o...

Vendor: FlintSH
Product: Flare
Published: Feb 20, 2026
Source: NVD
CVE-2026-2819 MEDIUM - 6.3

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. Th...

Published: Feb 20, 2026
Source: NVD
CVE-2026-26977 MEDIUM - 5.3

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.

Vendor: frappe
Product: lms
Published: Feb 20, 2026
Source: NVD
CVE-2026-26967 MEDIUM - 5.3

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

Vendor: pjsip
Product: pjproject
Published: Feb 20, 2026
Source: NVD
CVE-2026-2605 MEDIUM - 5.3

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.

Vendor: tanium
Product: tanos
Published: Feb 20, 2026
Source: NVD
CVE-2026-2435 MEDIUM - 6.3

Tanium addressed a SQL injection vulnerability in Asset.

Published: Feb 20, 2026
Source: NVD
CVE-2026-2408 MEDIUM - 4.7

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.

Published: Feb 20, 2026
Source: NVD
CVE-2026-2350 MEDIUM - 6.5

Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.

Published: Feb 20, 2026
Source: NVD
CVE-2026-1292 MEDIUM - 6.5

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.

Published: Feb 20, 2026
Source: NVD
CVE-2026-26953 MEDIUM - 5.4

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability in the active sessions table located on the API settings page, allowing an attacker with valid credentials...

Vendor: pi-hole
Product: web
Published: Feb 19, 2026
Source: NVD
CVE-2026-26952 MEDIUM - 5.4

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject code t...

Vendor: pi-hole
Product: web
Published: Feb 19, 2026
Source: NVD
CVE-2026-1658 MEDIUM - 5.3

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Direct...

Vendor: opentext
Product: directory_services
Published: Feb 19, 2026
Source: NVD
CVE-2025-8055 MEDIUM - 5.3

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.

Published: Feb 19, 2026
Source: NVD
CVE-2026-26744 MEDIUM - 5.3

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are reg...

Vendor: formalms
Product: formalms
Published: Feb 19, 2026
Source: NVD
CVE-2026-27440 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS. This issue affects myCred: from n/a through <= 2.9.7.6.

Vendor: Saad Iqbal
Product: myCred
Published: Feb 19, 2026
Source: NVD
CVE-2026-27387 MEDIUM - 5.4

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through <= 3.6.26.

Vendor: designinvento
Product: DirectoryPress
Published: Feb 19, 2026
Source: NVD
CVE-2026-27368 MEDIUM - 5.9

Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from...

Vendor: SeedProd
Product: Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
Published: Feb 19, 2026
Source: NVD
CVE-2026-27360 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.

Vendor: 10Web
Product: Photo Gallery by 10Web
Published: Feb 19, 2026
Source: NVD
CVE-2026-27328 MEDIUM - 5.3

Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7.

Vendor: DevsBlink
Product: EduBlink
Published: Feb 19, 2026
Source: NVD
CVE-2026-27014 MEDIUM - 5.5

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.

Vendor: M2Team
Product: NanaZip
Published: Feb 19, 2026
Source: NVD