Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,201 - 12,220 of 14,217 CVEs
CVE-2025-69906 HIGH - 8.8

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upl...

Vendor: monstra
Product: monstra_cms
Published: Feb 05, 2026
Source: NVD
CVE-2025-69619 HIGH - 7.5

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.

Vendor: zipperapp
Product: my_teditor
Published: Feb 05, 2026
Source: NVD
CVE-2020-37150 HIGH - 7.5

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authe...

Vendor: EDIMAX Technology
Product: EW-7438RPn Mini
Published: Feb 05, 2026
Source: NVD
CVE-2020-37149 HIGH - 8.1

Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's pri...

Vendor: EDIMAX Technology
Product: EW-7438RPn Mini
Published: Feb 05, 2026
Source: NVD
CVE-2020-37143 HIGH - 7.5

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful a...

Vendor: GE Intelligent Platforms, Inc.
Product: ProficySCADA for iOS
Published: Feb 05, 2026
Source: NVD
CVE-2020-37142 HIGH - 8.4

10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' ...

Vendor: 10-Strike Software
Product: Network Inventory Explorer
Published: Feb 05, 2026
Source: NVD
CVE-2020-37139 HIGH - 8.4

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application t...

Vendor: Odin-Secure-Ftp-Expert
Product: Odin Secure FTP Expert
Published: Feb 05, 2026
Source: NVD
CVE-2020-37136 HIGH - 7.5

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH ...

Vendor: EmTec
Product: ZOC Terminal
Published: Feb 05, 2026
Source: NVD
CVE-2020-37134 HIGH - 7.5

UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.

Vendor: UltraVNC Team
Product: UltraVNC Viewer
Published: Feb 05, 2026
Source: NVD
CVE-2020-37133 HIGH - 7.5

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

Vendor: UltraVNC Team
Product: UltraVNC Launcher
Published: Feb 05, 2026
Source: NVD
CVE-2020-37130 HIGH - 7.5

Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field...

Vendor: Nsauditor
Product: Nsauditor
Published: Feb 05, 2026
Source: NVD
CVE-2020-37117 HIGH - 8.8

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger una...

Vendor: jizhiCMS
Product: jizhiCMS
Published: Feb 05, 2026
Source: NVD
CVE-2025-68722 HIGH - 8.8

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes ...

Vendor: axigen
Product: axigen_mail_server
Published: Feb 05, 2026
Source: NVD
CVE-2020-37151 HIGH - 8.2

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database in...

Vendor: Ciprianmp
Product: phpMyChat Plus
Published: Feb 05, 2026
Source: NVD
CVE-2025-13379 HIGH - 8.6

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Vendor: IBM
Product: Aspera Console
Published: Feb 05, 2026
Source: NVD
CVE-2026-23572 HIGH - 7.2

Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to l...

Vendor: TeamViewer
Product: Remote, Tensor, One
Published: Feb 05, 2026
Source: NVD
CVE-2026-1294 HIGH - 7.2

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web reque...

Published: Feb 05, 2026
Source: NVD
CVE-2025-61732 HIGH - 8.6

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Vendor: Go toolchain
Product: cmd/cgo
Published: Feb 05, 2026
Source: NVD
CVE-2025-10314 HIGH - 8.8

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially c...

Vendor: Mitsubishi Electric Corporation
Product: FREQSHIP-mini for Windows
Published: Feb 05, 2026
Source: NVD
CVE-2025-11730 HIGH - 7.2

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and ...

Vendor: Zyxel
Product: ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) series firmware, USG20(W)-VPN series firmware
Published: Feb 05, 2026
Source: NVD