Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,708
Showing 11,521 - 11,540 of 14,604 CVEs
CVE-2026-27016 MEDIUM - 5.4

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype) are sanitized. The un...

Vendor: composer
Product: librenms/librenms
Published: Feb 18, 2026
Source: GitHub
CVE-2026-26992 MEDIUM - 4.8

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent...

Vendor: composer
Product: librenms/librenms
Published: Feb 18, 2026
Source: GitHub
CVE-2026-26991 MEDIUM - 4.8

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is ...

Vendor: composer
Product: librenms/librenms
Published: Feb 18, 2026
Source: GitHub
CVE-2026-26987 MEDIUM - 6.1

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via the email field. This issue has been fixed in version 26.2.0.

Vendor: composer
Product: librenms/librenms
Published: Feb 18, 2026
Source: GitHub
CVE-2026-2667 MEDIUM - 5.3

A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has ...

Published: Feb 18, 2026
Source: NVD
CVE-2026-24746 MEDIUM - 5.7

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at the...

Vendor: InvoicePlane
Product: InvoicePlane
Published: Feb 18, 2026
Source: NVD
CVE-2026-1999 MEDIUM - 6.5

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutation for pull requests. This issue only affecte...

Vendor: github
Product: enterprise_server
Published: Feb 18, 2026
Source: NVD
CVE-2026-1355 MEDIUM - 6.5

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration identifi...

Vendor: github
Product: enterprise_server
Published: Feb 18, 2026
Source: NVD
CVE-2026-1200 MEDIUM - 6.3

A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.

Published: Feb 18, 2026
Source: NVD
CVE-2026-0665 MEDIUM - 6.5

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

Published: Feb 18, 2026
Source: NVD
CVE-2025-14876 MEDIUM - 5.5

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpe...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Feb 18, 2026
Source: NVD
CVE-2025-10256 MEDIUM - 5.3

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file wit...

Published: Feb 18, 2026
Source: NVD
CVE-2025-0577 MEDIUM - 4.8

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

Published: Feb 18, 2026
Source: NVD
CVE-2026-2666 MEDIUM - 4.7

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit ...

Vendor: mingsoft
Product: mcms
Published: Feb 18, 2026
Source: NVD
CVE-2026-2665 MEDIUM - 6.3

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initi...

Published: Feb 18, 2026
Source: NVD
CVE-2026-2663 MEDIUM - 6.3

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is ...

Published: Feb 18, 2026
Source: NVD
CVE-2025-70063 MEDIUM - 6.5

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user t...

Published: Feb 18, 2026
Source: NVD
CVE-2025-70062 MEDIUM - 6.5

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privile...

Vendor: phpgurukul
Product: hospital_management_system
Published: Feb 18, 2026
Source: NVD
CVE-2026-2658 MEDIUM - 4.3

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has bee...

Published: Feb 18, 2026
Source: NVD
CVE-2026-20144 MEDIUM - 6.8

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index coul...

Vendor: Splunk
Product: Splunk Enterprise, Splunk Cloud Platform
Published: Feb 18, 2026
Source: NVD