Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,693
Showing 11,881 - 11,900 of 14,604 CVEs
CVE-2024-26478 MEDIUM - 5.3

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.

Published: Feb 11, 2026
Source: NVD
CVE-2026-2323 MEDIUM - 4.3

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2322 MEDIUM - 4.3

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2320 MEDIUM - 6.5

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2318 MEDIUM - 6.5

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2317 MEDIUM - 6.5

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2026-2316 MEDIUM - 6.5

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Feb 11, 2026
Source: NVD
CVE-2025-70297 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim's browser.

Published: Feb 11, 2026
Source: NVD
CVE-2025-70296 MEDIUM - 5.4

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

Published: Feb 11, 2026
Source: NVD
CVE-2025-69872 MEDIUM - 9.8

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

Vendor: pip
Product: diskcache
Published: Feb 11, 2026
Source: NVD
CVE-2025-69874 MEDIUM - 9.8

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing a path traversal sequence.

Vendor: npm
Product: nanotar
Published: Feb 11, 2026
Source: NVD
CVE-2025-13391 MEDIUM - 5.8

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This makes it possibl...

Vendor: MooMoo
Product: Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)
Published: Feb 11, 2026
Source: NVD
CVE-2026-25633 MEDIUM - 4.3

Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advanta...

Vendor: composer
Product: statamic/cms
Published: Feb 11, 2026
Source: GitHub
CVE-2025-48508 MEDIUM - 6.0

Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service.

Vendor: AMD
Product: AMD Radeon™ PRO V710
Published: Feb 11, 2026
Source: NVD
CVE-2024-36316 MEDIUM - 5.5

The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks, potentially resulting in a denial of service.

Published: Feb 11, 2026
Source: NVD
CVE-2019-25317 MEDIUM - 6.4

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.

Vendor: kevinpapst
Product: Kimai
Published: Feb 11, 2026
Source: NVD
CVE-2019-25316 MEDIUM - 6.4

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaSc...

Vendor: Goautodial
Product: GOautodial
Published: Feb 11, 2026
Source: NVD
CVE-2019-25315 MEDIUM - 6.4

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.

Vendor: anttiviljami
Product: WP Server Log Viewer
Published: Feb 11, 2026
Source: NVD
CVE-2019-25314 MEDIUM - 6.4

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

Vendor: Duplicate-Post
Product: Post
Published: Feb 11, 2026
Source: NVD
CVE-2019-25312 MEDIUM - 6.4

InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session ...

Vendor: InoIdeas
Product: InoERP
Published: Feb 11, 2026
Source: NVD