Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,915
Quick preset (or use dates below)
Clear Filters
Showing 11,981 - 12,000 of 14,217 CVEs
CVE-2026-25577 HIGH - 7.5

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause deni...

Vendor: pip
Product: emmett-core
Published: Feb 10, 2026
Source: GitHub
CVE-2025-6967 HIGH - 8.7

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure b...

Published: Feb 10, 2026
Source: NVD
CVE-2025-15569 HIGH - 7.0

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploita...

Vendor: Artifex
Product: MuPDF
Published: Feb 10, 2026
Source: NVD
CVE-2026-2268 HIGH - 7.5

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater fields, which allows the resolution of `{post_meta:KE...

Published: Feb 10, 2026
Source: NVD
CVE-2026-25656 HIGH - 7.8

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially l...

Vendor: Siemens
Product: SINEC NMS, User Management Component (UMC)
Published: Feb 10, 2026
Source: NVD
CVE-2026-25655 HIGH - 7.8

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administr...

Vendor: Siemens
Product: SINEC NMS
Published: Feb 10, 2026
Source: NVD
CVE-2026-24343 HIGH - 8.8

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HertzBeat
Published: Feb 10, 2026
Source: NVD
CVE-2026-23720 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23719 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context o...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23718 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23717 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23716 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-23715 HIGH - 7.8

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the contex...

Vendor: Siemens
Product: Simcenter Femap, Simcenter Nastran
Published: Feb 10, 2026
Source: NVD
CVE-2026-22923 HIGH - 7.8

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution.

Vendor: Siemens
Product: NX
Published: Feb 10, 2026
Source: NVD
CVE-2026-1866 HIGH - 7.2

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling `html_entity_decode()` before `wp_kses()`, and then calling `html_entity_d...

Published: Feb 10, 2026
Source: NVD
CVE-2025-40587 HIGH - 7.6

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site sc...

Vendor: Siemens
Product: Polarion V2404, Polarion V2410
Published: Feb 10, 2026
Source: NVD
CVE-2026-2097 HIGH - 8.8

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Vendor: flowring
Product: agentflow
Published: Feb 10, 2026
Source: NVD
CVE-2026-2094 HIGH - 8.8

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Feb 10, 2026
Source: NVD
CVE-2026-2093 HIGH - 7.5

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: Feb 10, 2026
Source: NVD
CVE-2025-11547 HIGH - 7.8

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

Vendor: Axis Communications AB
Product: AXIS Camera Station Pro
Published: Feb 10, 2026
Source: NVD