Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,830
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,241 - 12,260 of 13,433 CVEs
CVE-2021-47903 HIGH - 8.8

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution v...

Vendor: LiteSpeed Technologies Inc
Product: LiteSpeed Web Server Enterprise
Published: Jan 23, 2026
Source: NVD
CVE-2021-47898 HIGH - 7.8

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.

Vendor: Epson America, Inc.
Product: Epson USB Display
Published: Jan 23, 2026
Source: NVD
CVE-2021-47897 HIGH - 7.2

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.

Vendor: PEEL eCommerce
Product: PEEL Shopping
Published: Jan 23, 2026
Source: NVD
CVE-2021-47896 HIGH - 7.8

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be r...

Vendor: PDF Complete, Inc.
Product: PDFCOMPLETE Corporate Edition
Published: Jan 23, 2026
Source: NVD
CVE-2021-47895 HIGH - 7.5

Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an appli...

Vendor: Nsauditor
Product: Nsauditor
Published: Jan 23, 2026
Source: NVD
CVE-2021-47894 HIGH - 7.5

Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the applicati...

Vendor: Northwest Performance Software, Inc.
Product: Managed Switch Port Mapping Tool
Published: Jan 23, 2026
Source: NVD
CVE-2021-47893 HIGH - 7.5

AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application...

Vendor: Agatasoft
Product: AgataSoft PingMaster Pro
Published: Jan 23, 2026
Source: NVD
CVE-2021-47892 HIGH - 7.2

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script executi...

Vendor: PEEL eCommerce
Product: PEEL Shopping
Published: Jan 23, 2026
Source: NVD
CVE-2021-47890 HIGH - 7.8

LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.

Vendor: Softros Systems
Product: LogonExpert
Published: Jan 23, 2026
Source: NVD
CVE-2021-47889 HIGH - 7.8

Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\&#...

Vendor: Softros Systems
Product: LAN Messenger
Published: Jan 23, 2026
Source: NVD
CVE-2021-47888 HIGH - 8.8

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a s...

Vendor: The Textpattern Development Team
Product: Textpattern
Published: Jan 23, 2026
Source: NVD
CVE-2021-47881 HIGH - 8.4

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute ar...

Vendor: Data Device Corporation
Product: dataSIMS Avionics ARINC
Published: Jan 23, 2026
Source: NVD
CVE-2025-69908 HIGH - 7.5

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-66720 HIGH - 7.5

Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker ca...

Vendor: pip
Product: protobuf
Published: Jan 23, 2026
Source: GitHub
CVE-2026-24635 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion. This issue affects EduBlink Core: from n/a through <= 2.0.7.

Vendor: DevsBlink
Product: EduBlink Core
Published: Jan 23, 2026
Source: NVD
CVE-2026-24624 HIGH - 7.2

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection. This issue affects Neoforum: from n/a through <= 1.0.

Vendor: saeros1984
Product: Neoforum
Published: Jan 23, 2026
Source: NVD
CVE-2026-24609 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1.

Vendor: Elated-Themes
Product: Laurent
Published: Jan 23, 2026
Source: NVD
CVE-2026-24608 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion. This issue affects Laurent Core: from n/a through <= 2.4.1.

Vendor: Elated-Themes
Product: Laurent Core
Published: Jan 23, 2026
Source: NVD
CVE-2026-24572 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection. This issue affects Nelio Content: from n/a through <= 4.1.0.

Vendor: Nelio Software
Product: Nelio Content
Published: Jan 23, 2026
Source: NVD