Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,913
Quick preset (or use dates below)
Clear Filters
Showing 12,021 - 12,040 of 14,217 CVEs
CVE-2026-25807 HIGH - 8.8

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple sock...

Vendor: TaklaXBR
Product: zai-shell
Published: Feb 09, 2026
Source: NVD

Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost() function in src/services/Fields.php fails to sanitize user-supplied configurati...

Vendor: craftcms
Product: cms
Published: Feb 09, 2026
Source: NVD

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMSโ€™s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileg...

Vendor: craftcms
Product: cms
Published: Feb 09, 2026
Source: NVD

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteria[orderBy] parameter (JSON body). The application fails to sanitize this input befor...

Vendor: craftcms
Product: cms
Published: Feb 09, 2026
Source: NVD
CVE-2026-25231 HIGH - 7.5

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can...

Vendor: error311
Product: FileRise
Published: Feb 09, 2026
Source: NVD
CVE-2026-1529 HIGH - 8.1

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register int...

Vendor: maven
Product: org.keycloak:keycloak-services
Published: Feb 09, 2026
Source: NVD
CVE-2026-1486 HIGH - 8.8

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filter...

Vendor: maven
Product: org.keycloak:keycloak-services
Published: Feb 09, 2026
Source: NVD
CVE-2026-24684 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24683 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnera...

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24682 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24681 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24680 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24678 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24676 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24675 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-24491 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-23948 HIGH - 7.5

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerabil...

Vendor: FreeRDP
Product: FreeRDP
Published: Feb 09, 2026
Source: NVD
CVE-2026-25761 HIGH - 8.8

Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull requ...

Vendor: actions
Product: super-linter/super-linter
Published: Feb 09, 2026
Source: GitHub
CVE-2026-25639 HIGH - 7.5

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object crea...

Vendor: npm
Product: axios
Published: Feb 09, 2026
Source: GitHub
CVE-2026-25478 HIGH - 7.4

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match ...

Vendor: pip
Product: litestar
Published: Feb 09, 2026
Source: GitHub