Total CVEs: 141,272
Critical Severity: 3,795
High Severity: 13,729
Last 7 Days: 1,917
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,941 - 11,960 of 13,424 CVEs
CVE-2026-1531 HIGH - 8.1

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and Op...

Vendor: rubygems
Product: foreman_kubevirt
Published: Feb 02, 2026
Source: NVD
CVE-2026-1530 HIGH - 8.1

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in infor...

Vendor: rubygems
Product: fog-kubevirt
Published: Feb 02, 2026
Source: NVD
CVE-2026-25201 HIGH - 8.8

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicINFO 9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

Vendor: Samsung Electronics
Product: MagicINFO 9 Server
Published: Feb 02, 2026
Source: NVD
CVE-2026-24788 HIGH - 8.8

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.

Vendor: RaspAP
Product: raspap-webgui
Published: Feb 02, 2026
Source: NVD
CVE-2026-1740 HIGH - 7.3

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has b...

Published: Feb 02, 2026
Source: NVD
CVE-2026-25253 HIGH - 8.8

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Vendor: OpenClaw
Product: OpenClaw
Published: Feb 01, 2026
Source: NVD
CVE-2025-67601 HIGH - 8.4

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Vendor: go
Product: github.com/rancher/rancher
Published: Feb 01, 2026
Source: GitHub
CVE-2020-37064 HIGH - 7.8

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject mali...

Vendor: Epson
Product: EPSON EasyMP Network Projection
Published: Feb 01, 2026
Source: NVD
CVE-2020-37063 HIGH - 7.8

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem ...

Vendor: Weird-Solutions
Product: TFTP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37062 HIGH - 7.8

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.

Vendor: Weird Solutions
Product: DHCP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37061 HIGH - 7.8

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with Local...

Vendor: Weird-Solutions
Product: BOOTP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37055 HIGH - 7.8

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during...

Vendor: Enigmasoftware
Product: SpyHunter
Published: Feb 01, 2026
Source: NVD
CVE-2020-37048 HIGH - 7.8

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be ...

Vendor: Iskysoft
Product: Iskysoft Application Framework Service
Published: Feb 01, 2026
Source: NVD
CVE-2020-37047 HIGH - 7.8

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious ...

Vendor: Deepinstinct
Product: Deep Instinct Windows Agent
Published: Feb 01, 2026
Source: NVD
CVE-2020-37045 HIGH - 7.8

Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would ...

Vendor: Veritas
Product: NetBackup
Published: Feb 01, 2026
Source: NVD
CVE-2020-37037 HIGH - 7.8

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account pe...

Vendor: Avast
Product: AVAST SecureLine
Published: Feb 01, 2026
Source: NVD
CVE-2021-47918 HIGH - 8.1

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47916 HIGH - 8.1

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

Vendor: Simplephpscripts
Product: Simple CMS
Published: Feb 01, 2026
Source: NVD
CVE-2021-47915 HIGH - 8.1

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

Vendor: PHPSUGAR
Product: PHP Melody
Published: Feb 01, 2026
Source: NVD
CVE-2021-47909 HIGH - 8.1

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system.

Vendor: Techraft
Product: Digital Multivendor Marketplace Online Store
Published: Feb 01, 2026
Source: NVD