Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,922
Showing 11,881 - 11,900 of 14,217 CVEs
CVE-2025-7659 HIGH - 8.0

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2025-14560 HIGH - 7.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content i...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2025-10174 HIGH - 8.3

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 23092025.

Vendor: Pan Software & Information Technologies Ltd.
Product: PanCafe Pro
Published: Feb 11, 2026
Source: NVD
CVE-2025-15096 HIGH - 8.8

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it ...

Vendor: kamleshyadav
Product: Videospirecore Theme Plugin
Published: Feb 11, 2026
Source: NVD
CVE-2026-1560 HIGH - 8.8

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and abov...

Published: Feb 11, 2026
Source: NVD
CVE-2025-9986 HIGH - 8.2

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.

Published: Feb 11, 2026
Source: NVD
CVE-2025-15440 HIGH - 7.2

The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

Vendor: ione360
Product: iONE360 configurator
Published: Feb 11, 2026
Source: NVD
CVE-2025-10913 HIGH - 8.3

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted earl...

Vendor: Saastech Cleaning and Internet Services Inc.
Product: TemizlikYolda
Published: Feb 11, 2026
Source: NVD
CVE-2025-14541 HIGH - 7.2

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval() function on user-controlled input without proper validation or sanitization. This ma...

Vendor: villatheme
Product: Lucky Wheel Giveaway
Published: Feb 11, 2026
Source: NVD

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not...

Vendor: pyca
Product: cryptography
Published: Feb 10, 2026
Source: NVD
CVE-2026-1507 HIGH - 7.5

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.

Published: Feb 10, 2026
Source: NVD
CVE-2026-21349 HIGH - 7.8

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Lightroom Desktop
Published: Feb 10, 2026
Source: NVD
CVE-2026-25506 HIGH - 7.7

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attack...

Vendor: dun
Product: munge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21353 HIGH - 7.8

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-21352 HIGH - 7.8

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-21347 HIGH - 7.8

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21346 HIGH - 7.8

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Bridge
Published: Feb 10, 2026
Source: NVD
CVE-2026-21345 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21344 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21343 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current use...

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD