Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,081 - 12,100 of 13,433 CVEs
CVE-2025-71000 HIGH - 7.5

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-70999 HIGH - 7.5

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-65891 HIGH - 7.5

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-57793 HIGH - 8.6

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly el...

Vendor: Explorance
Product: Blue
Published: Jan 28, 2026
Source: NVD
CVE-2025-33220 HIGH - 7.8

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or informa...

Vendor: NVIDIA
Product: GeForce, RTX PRO, RTX, Quadro, Tesla, Virtual GPU Manager
Published: Jan 28, 2026
Source: NVD
CVE-2025-33219 HIGH - 7.8

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information d...

Vendor: NVIDIA
Product: GeForce, RTX PRO, RTX, Quadro, Tesla, Guest driver, Virtual GPU Manager
Published: Jan 28, 2026
Source: NVD
CVE-2025-33218 HIGH - 7.8

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or informat...

Vendor: NVIDIA
Product: GeForce, RTX PRO, RTX, Quadro, Tesla, Guest driver
Published: Jan 28, 2026
Source: NVD
CVE-2025-33217 HIGH - 7.8

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Vendor: NVIDIA
Product: GeForce, RTX PRO, RTX, Quadro, Tesla
Published: Jan 28, 2026
Source: NVD
CVE-2020-36972 HIGH - 8.2

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-...

Vendor: smartdatasoft
Product: SmartBlog
Published: Jan 28, 2026
Source: NVD
CVE-2020-36971 HIGH - 8.4

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.

Vendor: Nidesoft
Product: Nidesoft 3GP Video Converter
Published: Jan 28, 2026
Source: NVD
CVE-2020-36970 HIGH - 8.4

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to ...

Vendor: PMB Services
Product: PMB Services
Published: Jan 28, 2026
Source: NVD
CVE-2020-36969 HIGH - 8.8

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard ...

Vendor: Tildeslash Ltd.
Product: M/Monit
Published: Jan 28, 2026
Source: NVD
CVE-2020-36965 HIGH - 8.4

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and ...

Vendor: VeryPDF.com, Inc.
Product: docPrint Pro
Published: Jan 28, 2026
Source: NVD
CVE-2020-36963 HIGH - 7.5

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuratio...

Vendor: Intelbras
Product: Intelbras Router RF 301K
Published: Jan 28, 2026
Source: NVD
CVE-2020-36945 HIGH - 8.2

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and passwor...

Vendor: WEBDAMN.COM
Product: WebDamn User Registration & Login System with User Panel
Published: Jan 28, 2026
Source: NVD
CVE-2020-36943 HIGH - 7.5

aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and poten...

Vendor: asc Applied Software Consultants, s.r.o.
Product: asc Timetables
Published: Jan 28, 2026
Source: NVD

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL c...

Vendor: EGroupware
Product: egroupware
Published: Jan 28, 2026
Source: NVD
CVE-2025-65890 HIGH - 7.5

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-65889 HIGH - 7.5

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-65888 HIGH - 7.5

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD