Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,922
Showing 12,181 - 12,200 of 14,675 CVEs
CVE-2025-59024 MEDIUM - 6.5

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Vendor: PowerDNS
Product: Recursor
Published: Feb 09, 2026
Source: NVD
CVE-2025-14831 MEDIUM - 5.3

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Feb 09, 2026
Source: NVD
CVE-2025-10464 MEDIUM - 6.5

Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in a...

Vendor: Birtech Information Technologies Industry and Trade Ltd. Co.
Product: Senseway
Published: Feb 09, 2026
Source: NVD
CVE-2026-0632 MEDIUM - 5.4

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web request...

Published: Feb 09, 2026
Source: NVD
CVE-2025-7708 MEDIUM - 6.8

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: Feb 09, 2026
Source: NVD
CVE-2026-25846 MEDIUM - 6.5

In JetBrains YouTrack before 2025.3.119033, access tokens could be exposed in Mailbox logs.

Vendor: JetBrains
Product: YouTrack
Published: Feb 09, 2026
Source: NVD
CVE-2026-24098 MEDIUM - 6.5

Apache Airflow versions before 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue.

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Feb 09, 2026
Source: NVD
CVE-2026-22922 MEDIUM - 6.5

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this iss...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Feb 09, 2026
Source: NVD
CVE-2026-2227 MEDIUM - 4.7

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vul...

Vendor: dlink
Product: dcs-931l_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2226 MEDIUM - 4.7

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclos...

Published: Feb 09, 2026
Source: NVD
CVE-2026-23903 MEDIUM - 5.3

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such ...

Vendor: Apache Software Foundation
Product: Apache Shiro
Published: Feb 09, 2026
Source: NVD
CVE-2026-25916 MEDIUM - 4.3

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

Vendor: Roundcube
Product: Webmail
Published: Feb 09, 2026
Source: NVD
CVE-2026-25905 MEDIUM - 5.8

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP...

Vendor: pip
Product: mcp-run-python
Published: Feb 09, 2026
Source: NVD
CVE-2026-25904 MEDIUM - 5.8

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fi...

Vendor: pip
Product: mcp-run-python
Published: Feb 09, 2026
Source: NVD
CVE-2026-2235 MEDIUM - 6.5

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: Feb 09, 2026
Source: NVD
CVE-2026-24466 MEDIUM - 6.7

Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Vendor: Oki Electric Industry Co., Ltd., Ricoh Company, Ltd., Murata Machinery, Ltd.
Product: See "References" section
Published: Feb 09, 2026
Source: NVD
CVE-2026-2218 MEDIUM - 6.3

A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly dis...

Vendor: dlink
Product: dcs-933l_firmware
Published: Feb 09, 2026
Source: NVD
CVE-2026-2216 MEDIUM - 4.3

A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used.

Published: Feb 09, 2026
Source: NVD
CVE-2026-22613 MEDIUM - 5.7

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the E...

Vendor: Eaton
Product: Network M3
Published: Feb 09, 2026
Source: NVD
CVE-2026-2213 MEDIUM - 4.7

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The ex...

Vendor: fabian
Product: online_music_site
Published: Feb 09, 2026
Source: NVD