Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

1,901
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 11,881 - 11,900 of 13,404 CVEs
CVE-2026-22221 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration inte...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-0631 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration ...

Vendor: tp-link
Product: archer_be230_firmware
Published: Feb 02, 2026
Source: NVD
CVE-2026-0630 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration int...

Vendor: tp-link
Product: archer_be230_firmware
Published: Feb 02, 2026
Source: NVD
CVE-2025-47399 HIGH - 7.8

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47398 HIGH - 7.8

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47397 HIGH - 7.8

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47366 HIGH - 7.1

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47359 HIGH - 7.8

Memory Corruption when multiple threads simultaneously access a memory free API.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47358 HIGH - 7.8

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-14914 HIGH - 7.6

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Vendor: IBM
Product: WebSphere Application Server Liberty
Published: Feb 02, 2026
Source: NVD
CVE-2022-50978 HIGH - 7.5

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

Published: Feb 02, 2026
Source: NVD
CVE-2022-50977 HIGH - 7.5

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

Published: Feb 02, 2026
Source: NVD
CVE-2022-50976 HIGH - 7.7

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

Vendor: Innomic, avibia
Product: VibroLine Configurator 5.0, AvibiaLine Configurator 5.0, VibroLine Configurator 4.0
Published: Feb 02, 2026
Source: NVD
CVE-2022-50975 HIGH - 8.8

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

Published: Feb 02, 2026
Source: NVD
CVE-2026-24070 HIGH - 8.8

During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servic...

Vendor: Native Instruments
Product: Native Access
Published: Feb 02, 2026
Source: NVD
CVE-2026-1761 HIGH - 8.6

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. Th...

Published: Feb 02, 2026
Source: NVD
CVE-2025-8587 HIGH - 8.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

Published: Feb 02, 2026
Source: NVD
CVE-2026-0599 HIGH - 7.5

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET req...

Vendor: pip
Product: text-generation
Published: Feb 02, 2026
Source: NVD
CVE-2025-10279 HIGH - 7.0

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtua...

Vendor: mlflow
Product: mlflow/mlflow
Published: Feb 02, 2026
Source: NVD
CVE-2024-4147 HIGH - 7.5

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, ...

Published: Feb 02, 2026
Source: NVD