Total CVEs: 142,250
Critical Severity: 3,947
High Severity: 14,209
Last 7 Days: 1,911
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,721 - 11,740 of 14,291 CVEs
CVE-2025-36425 MEDIUM - 5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-14689 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-13867 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2026-24126 MEDIUM - 6.6

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management cons...

Vendor: pip
Product: Weblate
Published: Feb 17, 2026
Source: GitHub
CVE-2026-2617 MEDIUM - 6.3

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public ...

Vendor: beetel
Product: 777vr1_firmware
Published: Feb 17, 2026
Source: NVD
CVE-2025-69287 MEDIUM - 5.4

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompat...

Vendor: npm
Product: @bsv/sdk
Published: Feb 17, 2026
Source: GitHub
CVE-2025-70829 MEDIUM - 5.7

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.

Vendor: running-elephant
Product: datart
Published: Feb 17, 2026
Source: NVD
CVE-2024-31118 MEDIUM - 6.5

Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Project & Document Manager: from n/a through 4.70.

Vendor: Smartypants
Product: SP Project & Document Manager
Published: Feb 17, 2026
Source: NVD
CVE-2022-41650 MEDIUM - 6.5

Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country. This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.

Vendor: Paul
Product: Custom Content by Country (by Shield Security)
Published: Feb 17, 2026
Source: NVD
CVE-2026-23861 MEDIUM - 5.4

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of mal...

Vendor: Dell
Product: Unisphere for PowerMax vApp
Published: Feb 17, 2026
Source: NVD
CVE-2025-7706 MEDIUM - 6.1

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.

Published: Feb 17, 2026
Source: NVD
CVE-2026-2608 MEDIUM - 4.3

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access and...

Published: Feb 17, 2026
Source: NVD
CVE-2025-8303 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module – Store Module – New Language System) allows Cross-Site Scripting (XSS). This is...

Published: Feb 17, 2026
Source: NVD
CVE-2026-0829 MEDIUM - 5.8

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and ...

Published: Feb 17, 2026
Source: NVD
CVE-2026-1657 MEDIUM - 5.3

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any authentication, authorization, o...

Published: Feb 17, 2026
Source: NVD
CVE-2026-2002 MEDIUM - 4.4

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

Published: Feb 17, 2026
Source: NVD
CVE-2019-25393 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script payload...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25392 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP para...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25390 MEDIUM - 5.4

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVER...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD
CVE-2019-25389 MEDIUM - 6.1

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with script payloads in the M...

Vendor: Smoothwall
Product: Smoothwall Express
Published: Feb 16, 2026
Source: NVD