Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,781 - 11,800 of 14,291 CVEs
CVE-2026-2525 MEDIUM - 5.3

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor: free5gc
Product: free5gc
Published: Feb 16, 2026
Source: NVD
CVE-2026-2524 MEDIUM - 5.3

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the ...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2523 MEDIUM - 5.3

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2522 MEDIUM - 5.3

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be us...

Vendor: open5gs
Product: open5gs
Published: Feb 16, 2026
Source: NVD
CVE-2026-2521 MEDIUM - 5.3

A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public an...

Vendor: open5gs
Product: open5gs
Published: Feb 15, 2026
Source: NVD
CVE-2026-26367 MEDIUM - 6.5

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce role-...

Vendor: JUNG
Product: eNet SMART HOME server
Published: Feb 15, 2026
Source: NVD
CVE-2019-25377 MEDIUM - 5.4

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the conte...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25376 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL p...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25375 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver paramete...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25374 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to exec...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25373 MEDIUM - 6.4

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute ...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25372 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arb...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25371 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads in ...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25370 MEDIUM - 6.1

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters t...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25369 MEDIUM - 6.4

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25368 MEDIUM - 5.4

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_pa...

Vendor: Opnsense
Product: OPNsense
Published: Feb 15, 2026
Source: NVD
CVE-2019-25367 MEDIUM - 5.4

ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript...

Vendor: Arangodb
Product: ArangoDB Community Edition
Published: Feb 15, 2026
Source: NVD
CVE-2026-2517 MEDIUM - 5.3

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be car...

Vendor: open5gs
Product: open5gs
Published: Feb 15, 2026
Source: NVD
CVE-2025-32063 MEDIUM - 6.8

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server. Fi...

Vendor: Bosch
Product: Infotainment system ECU
Published: Feb 15, 2026
Source: NVD
CVE-2025-32060 MEDIUM - 6.7

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a fla...

Vendor: Bosch
Product: Infotainment system ECU
Published: Feb 15, 2026
Source: NVD