Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,220
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,481 - 11,500 of 13,404 CVEs
CVE-2026-23719 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context o...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23718 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23717 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23716 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23715 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the contex...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-22923 HIGH - 7.8

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution.

Vendor: Siemens
Product: NX
Published: Feb 10, 2026
Source: NVD
CVE-2026-1866 HIGH - 7.2

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling `html_entity_decode()` before `wp_kses()`, and then calling `html_entity_d...

Published: Feb 10, 2026
Source: NVD
CVE-2025-40587 HIGH - 7.6

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site sc...

Vendor: Siemens
Product: Polarion V2404, Polarion V2410
Published: Feb 10, 2026
Source: NVD
CVE-2026-2097 HIGH - 8.8

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Vendor: flowring
Product: agentflow
Published: Feb 10, 2026
Source: NVD
CVE-2026-2094 HIGH - 8.8

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Feb 10, 2026
Source: NVD
CVE-2026-2093 HIGH - 7.5

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: Feb 10, 2026
Source: NVD
CVE-2025-11547 HIGH - 7.8

AXIS Camera Station Pro contained a flaw toย perform a privilege escalation attack on the server as a non-admin user.

Vendor: Axis Communications AB
Product: AXIS Camera Station Pro
Published: Feb 10, 2026
Source: NVD
CVE-2025-11142 HIGH - 7.1

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

Vendor: Axis Communications AB
Product: AXIS OS
Published: Feb 10, 2026
Source: NVD
CVE-2026-2260 HIGH - 7.2

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerabili...

Vendor: dlink
Product: dcs-931l_firmware
Published: Feb 10, 2026
Source: NVD
CVE-2026-24322 HIGH - 7.7

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

Vendor: SAP_SE
Product: SAP Solution Tools Plug-In (ST-PI)
Published: Feb 10, 2026
Source: NVD
CVE-2026-23689 HIGH - 7.7

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution tha...

Vendor: SAP_SE
Product: SAP Supply Chain Management
Published: Feb 10, 2026
Source: NVD
CVE-2026-23687 HIGH - 8.8

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive us...

Vendor: SAP_SE
Product: SAP NetWeaver AS ABAP and ABAP Platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0508 HIGH - 7.3

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domai...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0490 HIGH - 7.5

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the c...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0485 HIGH - 7.5

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD