Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,152
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,721 - 11,740 of 13,404 CVEs
CVE-2019-25275 HIGH - 7.8

BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to ...

Vendor: FileHorse
Product: BartVPN
Published: Feb 05, 2026
Source: NVD
CVE-2019-25274 HIGH - 7.8

ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during se...

Vendor: Photodex
Product: ProShow Producer
Published: Feb 05, 2026
Source: NVD
CVE-2019-25273 HIGH - 7.8

Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executable...

Vendor: Easy-Hide-Ip
Product: IP
Published: Feb 05, 2026
Source: NVD
CVE-2019-25272 HIGH - 7.8

TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executab...

Vendor: Tenaxsoft
Product: TexasSoft CyberPlanet
Published: Feb 05, 2026
Source: NVD
CVE-2019-25271 HIGH - 7.8

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Vendor: NETGATE
Product: Data Backup
Published: Feb 05, 2026
Source: NVD
CVE-2019-25269 HIGH - 7.8

Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.

Vendor: Netgate
Product: Amiti Antivirus
Published: Feb 05, 2026
Source: NVD
CVE-2019-25267 HIGH - 7.8

Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched w...

Vendor: Wftpserver
Product: Wing FTP Server
Published: Feb 05, 2026
Source: NVD
CVE-2026-25585 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability at IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-22038 HIGH - 8.1

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: Feb 04, 2026
Source: NVD
CVE-2026-25584 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-25583 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-25582 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 04, 2026
Source: NVD
CVE-2026-25575 HIGH - 7.5

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint that allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying un...

Vendor: TUM-Dev
Product: NavigaTUM
Published: Feb 04, 2026
Source: NVD
CVE-2026-25519 HIGH - 8.1

OpenSlides is a free, web-based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign-on with SAML via an external IDP. ...

Vendor: OpenSlides
Product: OpenSlides
Published: Feb 04, 2026
Source: NVD
CVE-2026-25512 HIGH - 8.8

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled par...

Vendor: Intermesh
Product: groupoffice
Published: Feb 04, 2026
Source: NVD
CVE-2025-15555 HIGH - 7.3

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be l...

Vendor: open5gs
Product: Open5GS
Published: Feb 04, 2026
Source: NVD
CVE-2025-71031 HIGH - 7.5

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM.

Published: Feb 04, 2026
Source: NVD
CVE-2026-25593 HIGH - 8.4

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability i...

Vendor: npm
Product: openclaw
Published: Feb 04, 2026
Source: GitHub
CVE-2026-25536 HIGH - 7.1

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, there is a cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHT...

Vendor: npm
Product: @modelcontextprotocol/sdk
Published: Feb 04, 2026
Source: GitHub
CVE-2026-25546 HIGH - 7.8

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which...

Vendor: npm
Product: @coding-solo/godot-mcp
Published: Feb 04, 2026
Source: GitHub