Total CVEs: 142,265

Critical Severity: 3,947

High Severity: 14,217

Last 7 Days: 1,925
Showing 11,841 - 11,860 of 14,217 CVEs
CVE-2026-2314 HIGH - 8.8

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2313 HIGH - 8.8

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2025-69873 HIGH - 7.5

ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() construct...

Vendor: npm
Product: ajv
Published: Feb 11, 2026
Source: NVD
CVE-2025-69871 HIGH - 8.1

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage lim...

Published: Feb 11, 2026
Source: NVD

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on h...

Vendor: go
Product: code.vikunja.io/api
Published: Feb 11, 2026
Source: GitHub
CVE-2026-25759 HIGH - 8.7

Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious...

Vendor: composer
Product: statamic/cms
Published: Feb 11, 2026
Source: GitHub
CVE-2026-2361 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privi...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2360 HIGH - 8.0

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is highe...

Published: Feb 11, 2026
Source: NVD
CVE-2025-70084 HIGH - 7.5

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via a crafted value to the FileUtil_GetFileInfo function.

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70083 HIGH - 7.8

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName i...

Vendor: opensatkit
Product: opensatkit
Published: Feb 11, 2026
Source: NVD
CVE-2025-70029 HIGH - 7.5

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65480 HIGH - 8.8

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

Published: Feb 11, 2026
Source: NVD
CVE-2025-65127 HIGH - 7.5

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtai...

Published: Feb 11, 2026
Source: NVD
CVE-2026-2250 HIGH - 7.5

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to...

Published: Feb 11, 2026
Source: NVD
CVE-2025-52541 HIGH - 7.3

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Vendor: AMD
Product: Vivado™ Installation (Windows)
Published: Feb 11, 2026
Source: NVD
CVE-2025-48503 HIGH - 7.8

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2024-36324 HIGH - 8.8

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

Published: Feb 11, 2026
Source: NVD
CVE-2019-25310 HIGH - 7.8

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated adm...

Vendor: Actfax
Product: ActiveFax Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25309 HIGH - 7.8

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will b...

Vendor: Zilab Software Inc
Product: Zilab Remote Console Server
Published: Feb 11, 2026
Source: NVD
CVE-2019-25308 HIGH - 7.8

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

Vendor: LiteManager Team
Product: Mikogo
Published: Feb 11, 2026
Source: NVD