Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,921 - 11,940 of 13,424 CVEs
CVE-2026-1117 HIGH - 8.2

A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `generate_msg`, and `generate_msg_from` withou...

Vendor: pip
Product: lollms
Published: Feb 02, 2026
Source: NVD
CVE-2024-54263 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13.

Vendor: Talemy
Product: Spirit Framework
Published: Feb 02, 2026
Source: NVD
CVE-2026-20422 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20421 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8791
Published: Feb 02, 2026
Source: NVD
CVE-2026-20420 HIGH - 7.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20419 HIGH - 7.5

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR004...

Vendor: MediaTek, Inc.
Product: MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910
Published: Feb 02, 2026
Source: NVD
CVE-2026-20418 HIGH - 8.8

In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.

Vendor: MediaTek, Inc.
Product: MT7931, MT7933
Published: Feb 02, 2026
Source: NVD
CVE-2026-20412 HIGH - 7.8

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

Vendor: MediaTek, Inc.
Product: MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8696, MT8793
Published: Feb 02, 2026
Source: NVD
CVE-2026-20411 HIGH - 7.8

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

Vendor: MediaTek, Inc.
Product: MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8793
Published: Feb 02, 2026
Source: NVD
CVE-2026-20409 HIGH - 7.8

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.

Vendor: MediaTek, Inc.
Product: MT6897, MT6989
Published: Feb 02, 2026
Source: NVD
CVE-2026-20408 HIGH - 8.0

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

Vendor: MediaTek, Inc.
Product: MT6890, MT7615, MT7915, MT7916, MT7981, MT7986
Published: Feb 02, 2026
Source: NVD
CVE-2026-20407 HIGH - 8.8

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.

Vendor: MediaTek, Inc.
Product: MT7902, MT7920, MT7921, MT7922, MT7925, MT7927
Published: Feb 02, 2026
Source: NVD
CVE-2026-20406 HIGH - 7.5

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: M...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20405 HIGH - 7.5

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20404 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20403 HIGH - 7.5

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20402 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
Published: Feb 02, 2026
Source: NVD
CVE-2026-20401 HIGH - 7.5

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: M...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
Published: Feb 02, 2026
Source: NVD
CVE-2025-9974 HIGH - 8.8

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary ...

Published: Feb 02, 2026
Source: NVD
CVE-2025-15396 HIGH - 7.1

The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vendor: Unknown
Product: Library Viewer
Published: Feb 02, 2026
Source: NVD