Total CVEs: 141,249

Critical Severity: 3,795

High Severity: 13,708

Last 7 Days: 2,157
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,701 - 11,720 of 13,404 CVEs
CVE-2020-37134 HIGH - 7.5

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.

Vendor: UltraVNC Team
Product: UltraVNC Viewer
Published: Feb 05, 2026
Source: NVD
CVE-2020-37133 HIGH - 7.5

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

Vendor: UltraVNC Team
Product: UltraVNC Launcher
Published: Feb 05, 2026
Source: NVD
CVE-2020-37130 HIGH - 7.5

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field...

Vendor: Nsauditor
Product: Nsauditor
Published: Feb 05, 2026
Source: NVD
CVE-2020-37117 HIGH - 8.8

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger una...

Vendor: jizhiCMS
Product: jizhiCMS
Published: Feb 05, 2026
Source: NVD
CVE-2025-68722 HIGH - 8.8

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes ...

Vendor: axigen
Product: axigen_mail_server
Published: Feb 05, 2026
Source: NVD
CVE-2020-37151 HIGH - 8.2

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database in...

Vendor: Ciprianmp
Product: phpMyChat Plus
Published: Feb 05, 2026
Source: NVD
CVE-2025-13379 HIGH - 8.6

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Vendor: IBM
Product: Aspera Console
Published: Feb 05, 2026
Source: NVD
CVE-2026-23572 HIGH - 7.2

Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior to version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to l...

Vendor: TeamViewer
Product: Remote, Tensor, One
Published: Feb 05, 2026
Source: NVD
CVE-2026-1294 HIGH - 7.2

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web reque...

Published: Feb 05, 2026
Source: NVD
CVE-2025-61732 HIGH - 8.6

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Vendor: Go toolchain
Product: cmd/cgo
Published: Feb 05, 2026
Source: NVD
CVE-2025-10314 HIGH - 8.8

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially c...

Vendor: Mitsubishi Electric Corporation
Product: FREQSHIP-mini for Windows
Published: Feb 05, 2026
Source: NVD
CVE-2025-11730 HIGH - 7.2

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and ...

Vendor: Zyxel
Product: ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) series firmware, USG20(W)-VPN series firmware
Published: Feb 05, 2026
Source: NVD
CVE-2025-13192 HIGH - 8.2

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied paramet...

Vendor: roxnor
Product: Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers
Published: Feb 05, 2026
Source: NVD
CVE-2019-25288 HIGH - 7.8

Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.

Vendor: Wacom
Product: Wacom WTabletService
Published: Feb 05, 2026
Source: NVD
CVE-2019-25287 HIGH - 7.8

Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to...

Vendor: Webcompanion
Product: Adaware Web Companion version
Published: Feb 05, 2026
Source: NVD
CVE-2019-25286 HIGH - 7.8

GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with Loca...

Vendor: Gcafe
Product: _GCafé
Published: Feb 05, 2026
Source: NVD
CVE-2019-25285 HIGH - 7.8

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service...

Vendor: Alps
Product: device Controller
Published: Feb 05, 2026
Source: NVD
CVE-2019-25283 HIGH - 7.8

Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.

Vendor: shrew
Product: Shrew Soft VPN Client
Published: Feb 05, 2026
Source: NVD
CVE-2019-25281 HIGH - 7.8

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would...

Vendor: ncp-e
Product: NCP_Secure_Entry_Client
Published: Feb 05, 2026
Source: NVD
CVE-2019-25276 HIGH - 7.8

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Acti...

Vendor: Rockwellautomation
Product: Studio
Published: Feb 05, 2026
Source: NVD