Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,830
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,221 - 12,240 of 13,433 CVEs
CVE-2020-36933 HIGH - 7.8

HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.

Vendor: HTC
Product: IPTInstaller
Published: Jan 25, 2026
Source: NVD
CVE-2026-0911 HIGH - 7.5

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, w...

Published: Jan 24, 2026
Source: NVD
CVE-2026-0800 HIGH - 7.2

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for una...

Published: Jan 24, 2026
Source: NVD
CVE-2026-1257 HIGH - 7.5

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get_temp...

Published: Jan 24, 2026
Source: NVD
CVE-2026-0807 HIGH - 7.2

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for unauthenticated attackers ...

Published: Jan 24, 2026
Source: NVD
CVE-2026-24469 HIGH - 7.5

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's ...

Vendor: frustratedProton
Product: http-server
Published: Jan 24, 2026
Source: NVD
CVE-2026-24412 HIGH - 8.8

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24411 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or othe...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24410 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely incorporated into IC...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24409 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Dereference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporat...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24407 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24406 HIGH - 8.8

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profil...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24405 HIGH - 8.8

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile da...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24404 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorpo...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24403 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data un...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2025-52026 HIGH - 7.5

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is ...

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-67264 HIGH - 7.8

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-70986 HIGH - 7.5

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-67230 HIGH - 7.1

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2021-47904 HIGH - 8.8

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

Vendor: Phreesoft
Product: PhreeBooks
Published: Jan 23, 2026
Source: NVD