Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,281 - 12,300 of 14,217 CVEs
CVE-2020-37097 HIGH - 7.5

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configurat...

Vendor: EDIMAX Technology Co., Ltd.
Product: EW-7438RPn Mini
Published: Feb 03, 2026
Source: NVD
CVE-2020-37093 HIGH - 7.5

Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in p...

Vendor: Netis Systems Co., Ltd.
Product: Netis E1+
Published: Feb 03, 2026
Source: NVD
CVE-2020-37092 HIGH - 7.5

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.

Vendor: Netis Systems Co., Ltd.
Product: Netis E1+
Published: Feb 03, 2026
Source: NVD
CVE-2020-37089 HIGH - 8.2

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete...

Vendor: Arox
Product: School ERP Pro
Published: Feb 03, 2026
Source: NVD
CVE-2020-37088 HIGH - 7.5

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system c...

Vendor: Arox
Product: School ERP Pro
Published: Feb 03, 2026
Source: NVD
CVE-2020-37085 HIGH - 7.5

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become u...

Vendor: SunnySideSoft
Product: VirtualTablet Server
Published: Feb 03, 2026
Source: NVD
CVE-2020-37083 HIGH - 8.2

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the pho...

Vendor: chatelao
Product: PHP Address Book
Published: Feb 03, 2026
Source: NVD
CVE-2020-37081 HIGH - 7.1

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management ...

Vendor: Fishing Reservation System
Product: Fishing Reservation System
Published: Feb 03, 2026
Source: NVD
CVE-2020-37078 HIGH - 8.8

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from th...

Vendor: i-doit GmbH
Product: i-doit Open Source CMDB
Published: Feb 03, 2026
Source: NVD
CVE-2020-37076 HIGH - 8.2

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-b...

Vendor: VictorAlagwu
Product: CMSsite
Published: Feb 03, 2026
Source: NVD
CVE-2020-37073 HIGH - 8.8

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with...

Vendor: VictorAlagwu
Product: CMSsite
Published: Feb 03, 2026
Source: NVD
CVE-2020-37072 HIGH - 7.2

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

Vendor: VictorAlagwu
Product: CMSsite
Published: Feb 03, 2026
Source: NVD
CVE-2019-25260 HIGH - 8.2

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execut...

Vendor: OXID-eSales
Product: OXID eShop
Published: Feb 03, 2026
Source: NVD
CVE-2026-1862 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Feb 03, 2026
Source: NVD
CVE-2026-1861 HIGH - 8.8

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Feb 03, 2026
Source: NVD
CVE-2026-25615 HIGH - 7.2

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.

Vendor: Blesta
Product: Blesta
Published: Feb 03, 2026
Source: NVD
CVE-2026-25614 HIGH - 7.5

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.

Vendor: Blesta
Product: Blesta
Published: Feb 03, 2026
Source: NVD
CVE-2026-24149 HIGH - 7.8

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

Vendor: NVIDIA
Product: Megatron-LM
Published: Feb 03, 2026
Source: NVD
CVE-2026-1803 HIGH - 8.1

A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is c...

Published: Feb 03, 2026
Source: NVD

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, th...

Vendor: npm
Product: @isaacs/brace-expansion
Published: Feb 03, 2026
Source: GitHub