Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,900
Quick preset (or use dates below)
Clear Filters
Showing 12,141 - 12,160 of 14,217 CVEs
CVE-2025-68621 HIGH - 7.4

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

Vendor: TriliumNext
Product: Trilium
Published: Feb 06, 2026
Source: NVD
CVE-2026-2067 HIGH - 8.8

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed public...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-2066 HIGH - 8.8

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public a...

Vendor: utt
Product: 520w_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-25731 HIGH - 7.8

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index comma...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25636 HIGH - 8.2

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml ...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25635 HIGH - 8.6

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload ...

Vendor: kovidgoyal
Product: calibre
Published: Feb 06, 2026
Source: NVD
CVE-2026-25634 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Feb 06, 2026
Source: NVD
CVE-2026-25762 HIGH - 7.5

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memo...

Vendor: npm
Product: @adonisjs/bodyparser
Published: Feb 06, 2026
Source: GitHub
CVE-2026-25754 HIGH - 7.2

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next...

Vendor: npm
Product: @adonisjs/bodyparser
Published: Feb 06, 2026
Source: GitHub

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.

Vendor: smn2gnt
Product: MCP-Salesforce
Published: Feb 06, 2026
Source: NVD
CVE-2026-24418 HIGH - 6.5

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module. The application fails to validate th...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD
CVE-2026-24417 HIGH - 6.5

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before usin...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD
CVE-2026-24416 HIGH - 6.5

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo paramete...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD
CVE-2025-69216 HIGH - 6.5

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the data...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD
CVE-2025-69214 HIGH - 8.8

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options...

Vendor: devcode-it
Product: openstamanager
Published: Feb 06, 2026
Source: NVD
CVE-2026-25640 HIGH - 7.1

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. ...

Vendor: pip
Product: pydantic-ai
Published: Feb 06, 2026
Source: GitHub
CVE-2026-25580 HIGH - 8.6

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources...

Vendor: pip
Product: pydantic-ai
Published: Feb 06, 2026
Source: GitHub
CVE-2026-2060 HIGH - 7.3

A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the at...

Vendor: fabian
Product: simple_blood_donor_management_system
Published: Feb 06, 2026
Source: NVD
CVE-2026-25725 HIGH - 10.0

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.js...

Vendor: anthropics
Product: claude-code
Published: Feb 06, 2026
Source: NVD
CVE-2026-25723 HIGH - 6.5

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder...

Vendor: anthropics
Product: claude-code
Published: Feb 06, 2026
Source: NVD