Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,900
Quick preset (or use dates below)
Clear Filters
Showing 12,121 - 12,140 of 14,217 CVEs
CVE-2026-2080 HIGH - 7.2

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and m...

Vendor: utt
Product: 810_firmware
Published: Feb 07, 2026
Source: NVD
CVE-2026-2073 HIGH - 7.3

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed ...

Vendor: itsourcecode
Product: school_management_system
Published: Feb 07, 2026
Source: NVD
CVE-2026-2071 HIGH - 8.8

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public ...

Vendor: utt
Product: 520w_firmware
Published: Feb 07, 2026
Source: NVD
CVE-2020-37163 HIGH - 8.2

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, data...

Vendor: QuickDate
Product: QuickDate
Published: Feb 07, 2026
Source: NVD
CVE-2020-37157 HIGH - 7.5

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessin...

Vendor: DBPower
Product: DBPower C300 HD Camera
Published: Feb 07, 2026
Source: NVD
CVE-2020-37155 HIGH - 7.5

Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additi...

Vendor: Core FTP
Product: Core FTP Lite
Published: Feb 07, 2026
Source: NVD
CVE-2020-37154 HIGH - 7.1

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by ...

Vendor: Tripath Project
Product: eLection
Published: Feb 07, 2026
Source: NVD
CVE-2020-37147 HIGH - 7.1

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of th...

Vendor: Atutor
Product: ATutor
Published: Feb 07, 2026
Source: NVD
CVE-2020-37146 HIGH - 7.5

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing creden...

Vendor: ACE SECURITY
Product: Aptina AR0130 960P 1.3MP Camera
Published: Feb 07, 2026
Source: NVD
CVE-2020-37141 HIGH - 8.2

AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify...

Vendor: AMSS++
Product: AMSS++
Published: Feb 07, 2026
Source: NVD
CVE-2020-37135 HIGH - 7.5

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

Vendor: Amssplus
Product: AMSS++
Published: Feb 07, 2026
Source: NVD
CVE-2020-37122 HIGH - 7.5

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...

Vendor: Nsauditor
Product: FTP Password Recover
Published: Feb 07, 2026
Source: NVD
CVE-2020-37109 HIGH - 7.5

aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potent...

Vendor: asc Applied Software Consultants
Product: aSc TimeTables
Published: Feb 07, 2026
Source: NVD
CVE-2020-37107 HIGH - 7.5

Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unre...

Vendor: Core FTP
Product: Core FTP LE
Published: Feb 07, 2026
Source: NVD
CVE-2026-2070 HIGH - 8.8

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies ...

Vendor: antrea-io
Product: antrea
Published: Feb 06, 2026
Source: NVD

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the...

Vendor: slackhq
Product: nebula
Published: Feb 06, 2026
Source: NVD
CVE-2026-25644 HIGH - 7.5

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.

Vendor: datahub-project
Product: datahub
Published: Feb 06, 2026
Source: NVD
CVE-2026-25791 HIGH - 7.5

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored with...

Vendor: go
Product: github.com/bishopfox/sliver
Published: Feb 06, 2026
Source: GitHub
CVE-2026-2068 HIGH - 8.8

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was co...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD