Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,221
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,461 - 11,480 of 13,404 CVEs
CVE-2025-35998 HIGH - 7.9

Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation o...

Product: Intel(R) Platforms
Published: Feb 10, 2026
Source: NVD
CVE-2025-32008 HIGH - 8.6

Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially ...

Product: Intel(R) AMT and Intel(R) Standard Manageability
Published: Feb 10, 2026
Source: NVD
CVE-2025-30513 HIGH - 7.9

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements ar...

Product: TDX Module
Published: Feb 10, 2026
Source: NVD
CVE-2025-25210 HIGH - 8.2

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This r...

Product: Server Firmware Update Utility(SysFwUpdt)
Published: Feb 10, 2026
Source: NVD
CVE-2025-22453 HIGH - 7.5

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This res...

Product: Server Firmware Update Utility(SysFwUpdt)
Published: Feb 10, 2026
Source: NVD
CVE-2026-22153 HIGH - 8.1

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.

Vendor: Fortinet
Product: FortiOS
Published: Feb 10, 2026
Source: NVD
CVE-2026-21743 HIGH - 7.2

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected e...

Vendor: Fortinet
Product: FortiAuthenticator
Published: Feb 10, 2026
Source: NVD
CVE-2026-1603 HIGH - 8.6

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Vendor: ivanti
Product: endpoint_manager
Published: Feb 10, 2026
Source: NVD
CVE-2025-62676 HIGH - 7.1

An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arb...

Vendor: Fortinet
Product: FortiClientWindows
Published: Feb 10, 2026
Source: NVD
CVE-2025-52436 HIGH - 8.8

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthentic...

Vendor: Fortinet
Product: FortiSandbox
Published: Feb 10, 2026
Source: NVD
CVE-2025-7636 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. NOTE: The vendor was contacted e...

Published: Feb 10, 2026
Source: NVD
CVE-2025-7347 HIGH - 8.8

Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure ...

Published: Feb 10, 2026
Source: NVD
CVE-2026-25577 HIGH - 7.5

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause deni...

Vendor: pip
Product: emmett-core
Published: Feb 10, 2026
Source: GitHub
CVE-2025-6967 HIGH - 8.7

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure b...

Published: Feb 10, 2026
Source: NVD
CVE-2025-15569 HIGH - 7.0

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploita...

Vendor: Artifex
Product: MuPDF
Published: Feb 10, 2026
Source: NVD
CVE-2026-2268 HIGH - 7.5

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater fields, which allows the resolution of `{post_meta:KE...

Published: Feb 10, 2026
Source: NVD
CVE-2026-25656 HIGH - 7.8

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially l...

Vendor: Siemens
Product: SINEC NMS, User Management Component (UMC)
Published: Feb 10, 2026
Source: NVD
CVE-2026-25655 HIGH - 7.8

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administr...

Vendor: Siemens
Product: SINEC NMS
Published: Feb 10, 2026
Source: NVD
CVE-2026-24343 HIGH - 8.8

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HertzBeat
Published: Feb 10, 2026
Source: NVD
CVE-2026-23720 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD