Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,297
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,341 - 11,360 of 13,404 CVEs
CVE-2025-70084 HIGH - 7.5

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70083 HIGH - 7.8

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName i...

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70029 HIGH - 7.5

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65480 HIGH - 8.8

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65127 HIGH - 7.5

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtai...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2250 HIGH - 7.5

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to...

Published: Feb 11, 2026
Source: NVD
CVE-2025-52541 HIGH - 7.3

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Vendor: AMD
Product: Vivado™ Installation (Windows)
Published: Feb 11, 2026
Source: NVD
CVE-2025-48503 HIGH - 7.8

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2024-36324 HIGH - 8.8

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2019-25310 HIGH - 7.8

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated adm...

Vendor: Actfax
Product: ActiveFax Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25309 HIGH - 7.8

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will b...

Vendor: Zilab Software Inc
Product: Zilab Remote Console Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25308 HIGH - 7.8

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

Vendor: LiteManager Team
Product: Mikogo
Published: Feb 11, 2026
Source: NVD
CVE-2019-25307 HIGH - 7.8

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges duri...

Vendor: Softalk
Product: WorkgroupMail
Published: Feb 11, 2026
Source: NVD
CVE-2019-25306 HIGH - 7.8

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSyste...

Vendor: Blackmoon
Product: BlackMoon FTP Server
Published: Feb 11, 2026
Source: NVD
CVE-2026-26010 HIGH - 7.6

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingest...

Vendor: maven
Product: org.open-metadata:openmetadata-sdk
Published: Feb 11, 2026
Source: GitHub
CVE-2026-25990 HIGH - 7.5

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Vendor: pip
Product: pillow
Published: Feb 11, 2026
Source: GitHub
CVE-2026-0910 HIGH - 8.8

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level access and ...

Published: Feb 11, 2026
Source: NVD
CVE-2025-57713 HIGH - 7.5

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD
CVE-2025-57709 HIGH - 8.1

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) a...

Vendor: QNAP Systems Inc.
Product: Qsync Central
Published: Feb 11, 2026
Source: NVD
CVE-2025-57707 HIGH - 8.8

An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed...

Vendor: QNAP Systems Inc.
Product: File Station 5
Published: Feb 11, 2026
Source: NVD