Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,913
Quick preset (or use dates below)
Clear Filters
Showing 12,001 - 12,020 of 14,217 CVEs
CVE-2025-11142 HIGH - 7.1

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

Vendor: Axis Communications AB
Product: AXIS OS
Published: Feb 10, 2026
Source: NVD
CVE-2026-2260 HIGH - 7.2

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerabili...

Vendor: dlink
Product: dcs-931l_firmware
Published: Feb 10, 2026
Source: NVD
CVE-2026-24322 HIGH - 7.7

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

Vendor: SAP_SE
Product: SAP Solution Tools Plug-In (ST-PI)
Published: Feb 10, 2026
Source: NVD
CVE-2026-23689 HIGH - 7.7

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution tha...

Vendor: SAP_SE
Product: SAP Supply Chain Management
Published: Feb 10, 2026
Source: NVD
CVE-2026-23687 HIGH - 8.8

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive us...

Vendor: SAP_SE
Product: SAP NetWeaver AS ABAP and ABAP Platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0508 HIGH - 7.3

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domai...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0490 HIGH - 7.5

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the c...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0485 HIGH - 7.5

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering...

Vendor: sap
Product: businessobjects_business_intelligence_platform
Published: Feb 10, 2026
Source: NVD
CVE-2026-0845 HIGH - 7.2

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFM_Settings_Controller::processing' fun...

Published: Feb 10, 2026
Source: NVD
CVE-2025-15310 HIGH - 7.8

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.

Vendor: Tanium
Product: Patch Endpoint Tools
Published: Feb 10, 2026
Source: NVD
CVE-2026-25958 HIGH - 7.7

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

Vendor: cube-js
Product: cube
Published: Feb 09, 2026
Source: NVD
CVE-2026-25951 HIGH - 7.2

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an ...

Vendor: frangoteam
Product: FUXA
Published: Feb 09, 2026
Source: NVD
CVE-2026-25931 HIGH - 7.8

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace co...

Vendor: streetsidesoftware
Product: vscode-spell-checker
Published: Feb 09, 2026
Source: NVD
CVE-2025-15319 HIGH - 7.8

Tanium addressed a local privilege escalation vulnerability in Endpoint Configuration Toolset Solution.

Vendor: Tanium
Product: Patch Endpoint Tools
Published: Feb 09, 2026
Source: NVD
CVE-2026-25961 HIGH - 7.5

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's ...

Vendor: sumatrapdfreader
Product: sumatrapdf
Published: Feb 09, 2026
Source: NVD
CVE-2026-25925 HIGH - 7.8

PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to inst...

Vendor: modery
Product: PowerDocu
Published: Feb 09, 2026
Source: NVD
CVE-2026-25892 HIGH - 7.5

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any ...

Vendor: vrana
Product: adminer
Published: Feb 09, 2026
Source: NVD
CVE-2026-25890 HIGH - 8.1

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding mul...

Vendor: filebrowser
Product: filebrowser
Published: Feb 09, 2026
Source: NVD
CVE-2026-25880 HIGH - 7.8

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s sy...

Vendor: sumatrapdfreader
Product: sumatrapdf
Published: Feb 09, 2026
Source: NVD
CVE-2026-25808 HIGH - 7.5

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixe...

Vendor: fedify-dev
Product: hollo
Published: Feb 09, 2026
Source: NVD