Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,217
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,521 - 11,540 of 13,404 CVEs
CVE-2026-24683 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, this vulnera...

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24682 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24681 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24680 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24678 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24676 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24675 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24491 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-23948 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerabil...

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-25761 HIGH - 8.8

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull requ...

Vendor: actions
Product: super-linter/super-linter
Published: Feb 09, 2026
Source: GitHub
CVE-2026-25639 HIGH - 7.5

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object crea...

Vendor: npm
Product: axios
Published: Feb 09, 2026
Source: GitHub
CVE-2026-25478 HIGH - 7.4

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match ...

Vendor: pip
Product: litestar
Published: Feb 09, 2026
Source: GitHub
CVE-2025-59023 HIGH - 8.2

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Vendor: PowerDNS
Product: Recursor
Published: Feb 09, 2026
Source: NVD
CVE-2025-10465 HIGH - 8.8

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not resp...

Vendor: Birtech Information Technologies Industry and Trade Ltd. Co.
Product: Sensaway
Published: Feb 09, 2026
Source: NVD
CVE-2025-10463 HIGH - 7.3

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor: Birtech Information Technologies Industry and Trade Ltd. Co.
Product: Senseway
Published: Feb 09, 2026
Source: NVD
CVE-2026-25847 HIGH - 8.2

In JetBrains PyCharm before 2025.3.2, a DOM-based XSS on the Jupyter viewer page was possible.

Vendor: JetBrains
Product: PyCharm
Published: Feb 09, 2026
Source: NVD
CVE-2026-2225 HIGH - 7.3

A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes SQL injection. The attack can be initiated remotely. The exploit has been published...

Vendor: clive_21
Product: news_portal_project
Published: Feb 09, 2026
Source: NVD
CVE-2025-7799 HIGH - 8.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS. This issue affects e-Taxpayer Accounting Website: through 07082025.

Published: Feb 09, 2026
Source: NVD
CVE-2026-2236 HIGH - 7.5

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: Feb 09, 2026
Source: NVD
CVE-2026-2223 HIGH - 7.3

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate ...

Vendor: fabian
Product: online_reviewer_system
Published: Feb 09, 2026
Source: NVD