Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,621 - 11,640 of 13,404 CVEs
CVE-2020-37146 HIGH - 7.5

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing creden...

Vendor: ACE SECURITY
Product: Aptina AR0130 960P 1.3MP Camera
Published: Feb 07, 2026
Source: NVD
CVE-2020-37141 HIGH - 8.2

AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify...

Vendor: AMSS++
Product: AMSS++
Published: Feb 07, 2026
Source: NVD
CVE-2020-37135 HIGH - 7.5

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

Vendor: Amssplus
Product: AMSS++
Published: Feb 07, 2026
Source: NVD
CVE-2020-37122 HIGH - 7.5

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...

Vendor: Nsauditor
Product: FTP Password Recover
Published: Feb 07, 2026
Source: NVD
CVE-2020-37109 HIGH - 7.5

aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potent...

Vendor: asc Applied Software Consultants
Product: aSc TimeTables
Published: Feb 07, 2026
Source: NVD
CVE-2020-37107 HIGH - 7.5

Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unre...

Vendor: Core FTP
Product: Core FTP LE
Published: Feb 07, 2026
Source: NVD
CVE-2026-2070 HIGH - 8.8

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies ...

Vendor: antrea-io
Product: antrea
Published: Feb 06, 2026
Source: NVD

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the...

Vendor: slackhq
Product: nebula
Published: Feb 06, 2026
Source: NVD
CVE-2026-25644 HIGH - 7.5

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.

Vendor: datahub-project
Product: datahub
Published: Feb 06, 2026
Source: NVD
CVE-2026-25791 HIGH - 7.5

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored with...

Vendor: go
Product: github.com/bishopfox/sliver
Published: Feb 06, 2026
Source: GitHub
CVE-2026-2068 HIGH - 8.8

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was co...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2025-68621 HIGH - 7.4

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

Vendor: TriliumNext
Product: Trilium
Published: Feb 06, 2026
Source: NVD
CVE-2026-2067 HIGH - 8.8

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed public...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-2066 HIGH - 8.8

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public a...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-25731 HIGH - 7.8

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index comma...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25636 HIGH - 8.2

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml ...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25635 HIGH - 8.6

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload ...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25634 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() in IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 06, 2026
Source: NVD
CVE-2026-25762 HIGH - 7.5

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memo...

Vendor: npm
Product: @adonisjs/bodyparser
Published: Feb 06, 2026
Source: GitHub