Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,297
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,321 - 11,340 of 13,404 CVEs
CVE-2020-37180 HIGH - 7.5

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.

Vendor: Nsasoft
Product: Nsauditor GTalk Password Finder
Published: Feb 11, 2026
Source: NVD
CVE-2020-37179 HIGH - 7.5

APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.

Vendor: Nsasoft
Product: Nsauditor APKF Product Key Finder
Published: Feb 11, 2026
Source: NVD
CVE-2020-37178 HIGH - 7.5

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.

Vendor: Keepass
Product: KeePass Password Safe
Published: Feb 11, 2026
Source: NVD
CVE-2020-37177 HIGH - 7.5

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH ch...

Vendor: Weird Solutions
Product: BOOTP Turbo
Published: Feb 11, 2026
Source: NVD
CVE-2020-37175 HIGH - 7.5

P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.

Vendor: Ka Ming Cheung
Product: P2PWIFICAM2 for iOS
Published: Feb 11, 2026
Source: NVD
CVE-2020-37173 HIGH - 7.5

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_...

Vendor: AVideo
Product: AVideo Platform
Published: Feb 11, 2026
Source: NVD
CVE-2020-37104 HIGH - 7.5

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database inf...

Vendor: ASTPP
Product: ASTPP
Published: Feb 11, 2026
Source: NVD
CVE-2024-26480 HIGH - 7.5

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.

Published: Feb 11, 2026
Source: NVD
CVE-2024-26477 HIGH - 7.5

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.

Published: Feb 11, 2026
Source: NVD
CVE-2026-2321 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2319 HIGH - 7.5

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2315 HIGH - 8.8

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2314 HIGH - 8.8

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2313 HIGH - 8.8

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2025-69873 HIGH - 7.5

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() construct...

Vendor: npm
Product: ajv
Published: Feb 11, 2026
Source: NVD
CVE-2025-69871 HIGH - 8.1

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage lim...

Published: Feb 11, 2026
Source: NVD

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on h...

Vendor: go
Product: code.vikunja.io/api
Published: Feb 11, 2026
Source: GitHub
CVE-2026-25759 HIGH - 8.7

Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious...

Vendor: composer
Product: statamic/cms
Published: Feb 11, 2026
Source: GitHub
CVE-2026-2361 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privi...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2360 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is highe...

Published: Feb 11, 2026
Source: NVD