Total CVEs: 141,249
Critical Severity: 3,795
High Severity: 13,708
Last 7 Days: 2,254
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,381 - 11,400 of 13,404 CVEs
CVE-2025-14541 HIGH - 7.2

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval() function on user-controlled input without proper validation or sanitization. This ma...

Vendor: villatheme
Product: Lucky Wheel Giveaway
Published: Feb 11, 2026
Source: NVD

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not...

Vendor: pyca
Product: cryptography
Published: Feb 10, 2026
Source: NVD
CVE-2026-1507 HIGH - 7.5

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.

Published: Feb 10, 2026
Source: NVD
CVE-2026-21349 HIGH - 7.8

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Lightroom Desktop
Published: Feb 10, 2026
Source: NVD
CVE-2026-25506 HIGH - 7.7

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attack...

Vendor: dun
Product: munge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21353 HIGH - 7.8

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-21352 HIGH - 7.8

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-21347 HIGH - 7.8

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21346 HIGH - 7.8

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21345 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21344 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21343 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21342 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21341 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-1848 HIGH - 7.5

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Published: Feb 10, 2026
Source: NVD
CVE-2026-25992 HIGH - 7.5

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protecte...

Vendor: siyuan-note
Product: siyuan
Published: Feb 10, 2026
Source: NVD
CVE-2026-25947 HIGH - 8.8

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation a...

Vendor: Worklenz
Product: worklenz
Published: Feb 10, 2026
Source: NVD
CVE-2026-25646 HIGH - 8.1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number...

Vendor: pnggroup
Product: libpng
Published: Feb 10, 2026
Source: NVD
CVE-2026-25611 HIGH - 7.5

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-24045 HIGH - 7.3

Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks, wher...

Vendor: docmost
Product: docmost
Published: Feb 10, 2026
Source: NVD