Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
Showing 12,041 - 12,060 of 14,674 CVEs
CVE-2026-26006 MEDIUM - 6.5

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Code Extraction Block. The two Regex are used co...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: Feb 10, 2026
Source: NVD
CVE-2026-1495 MEDIUM - 6.5

The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.

Published: Feb 10, 2026
Source: NVD
CVE-2025-12699 MEDIUM - 5.5

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loc...

Vendor: ZOLL
Product: ZOLL ePCR IOS Mobile Application
Published: Feb 10, 2026
Source: NVD
CVE-2026-2303 MEDIUM - 6.5

The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guara...

Published: Feb 10, 2026
Source: NVD
CVE-2026-21348 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a v...

Vendor: Adobe
Product: Substance3D - Modeler
Published: Feb 10, 2026
Source: NVD
CVE-2026-1763 MEDIUM - 4.6

Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.

Published: Feb 10, 2026
Source: NVD
CVE-2026-2302 MEDIUM - 6.5

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.

Published: Feb 10, 2026
Source: NVD
CVE-2026-25613 MEDIUM - 6.5

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-25610 MEDIUM - 6.5

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-25609 MEDIUM - 5.4

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-21355 MEDIUM - 5.5

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must...

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-21354 MEDIUM - 5.5

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user in...

Vendor: Adobe
Product: DNG SDK
Published: Feb 10, 2026
Source: NVD
CVE-2026-1850 MEDIUM - 6.5

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.

Published: Feb 10, 2026
Source: NVD
CVE-2026-1849 MEDIUM - 6.5

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.

Published: Feb 10, 2026
Source: NVD
CVE-2026-1847 MEDIUM - 6.5

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.

Published: Feb 10, 2026
Source: NVD
CVE-2026-25956 MEDIUM - 6.1

Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) when a user signs up. This vulnerability is fixed in 14.99.14 an...

Vendor: frappe
Product: frappe
Published: Feb 10, 2026
Source: NVD
CVE-2026-25805 MEDIUM - 6.4

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without t...

Vendor: zed-industries
Product: zed
Published: Feb 10, 2026
Source: NVD
CVE-2026-25612 MEDIUM - 6.5

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks.

Vendor: MongoDB Inc
Product: MongoDB Server
Published: Feb 10, 2026
Source: NVD
CVE-2026-23655 MEDIUM - 6.5

Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Published: Feb 10, 2026
Source: NVD
CVE-2026-21529 MEDIUM - 5.7

Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: azure_hdinsight
Published: Feb 10, 2026
Source: NVD