Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
Showing 11,901 - 11,920 of 14,217 CVEs
CVE-2026-21342 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-21341 HIGH - 7.8

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: Substance3D - Stager
Published: Feb 10, 2026
Source: NVD
CVE-2026-1848 HIGH - 7.5

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header.

Published: Feb 10, 2026
Source: NVD
CVE-2026-25992 HIGH - 7.5

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read protecte...

Vendor: siyuan-note
Product: siyuan
Published: Feb 10, 2026
Source: NVD
CVE-2026-25947 HIGH - 8.8

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation a...

Vendor: Worklenz
Product: worklenz
Published: Feb 10, 2026
Source: NVD
CVE-2026-25646 HIGH - 8.1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number...

Vendor: pnggroup
Product: libpng
Published: Feb 10, 2026
Source: NVD
CVE-2026-25611 HIGH - 7.5

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-24045 HIGH - 7.3

Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks, wher...

Vendor: docmost
Product: docmost
Published: Feb 10, 2026
Source: NVD
CVE-2026-21537 HIGH - 8.8

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Vendor: microsoft
Product: defender_for_endpoint
Published: Feb 10, 2026
Source: NVD
CVE-2026-21533 HIGH - 7.8

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21523 HIGH - 8.0

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: visual_studio_code
Published: Feb 10, 2026
Source: NVD
CVE-2026-21519 HIGH - 7.8

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21517 HIGH - 7.0

Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

Published: Feb 10, 2026
Source: NVD
CVE-2026-21516 HIGH - 8.8

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: github_copilot
Published: Feb 10, 2026
Source: NVD
CVE-2026-21514 HIGH - 7.8

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Vendor: microsoft
Product: 365_apps
Published: Feb 10, 2026
Source: NVD
CVE-2026-21513 HIGH - 8.8

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21511 HIGH - 7.5

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: 365_apps
Published: Feb 10, 2026
Source: NVD
CVE-2026-21510 HIGH - 8.8

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21508 HIGH - 7.0

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

Vendor: microsoft
Product: windows_10_1607
Published: Feb 10, 2026
Source: NVD
CVE-2026-21357 HIGH - 7.8

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: Adobe
Product: InDesign Desktop
Published: Feb 10, 2026
Source: NVD