Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,913
Quick preset (or use dates below)
Clear Filters
Showing 12,281 - 12,300 of 14,675 CVEs
CVE-2026-2063 MEDIUM - 4.7

A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exp...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-2062 MEDIUM - 5.3

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. Th...

Vendor: open5gs
Product: open5gs
Published: Feb 06, 2026
Source: NVD
CVE-2026-25651 MEDIUM - 6.1

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host h...

Vendor: tgies
Product: client-certificate-auth
Published: Feb 06, 2026
Source: NVD
CVE-2026-25647 MEDIUM - 4.6

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

Vendor: siyuan-note
Product: siyuan
Published: Feb 06, 2026
Source: NVD
CVE-2026-25581 MEDIUM - 5.4

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create(), like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration op...

Vendor: npm
Product: sceditor
Published: Feb 06, 2026
Source: GitHub
CVE-2026-2061 MEDIUM - 4.7

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utiliz...

Vendor: dlink
Product: dir-823x_firmware
Published: Feb 06, 2026
Source: NVD
CVE-2026-24776 MEDIUM - 4.3

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting (or is the backlog, in case of recurring meetings). This a...

Vendor: opf
Product: openproject
Published: Feb 06, 2026
Source: NVD
CVE-2026-23633 MEDIUM - 6.5

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

Vendor: gogs
Product: gogs
Published: Feb 06, 2026
Source: NVD
CVE-2026-23632 MEDIUM - 6.5

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permission check, PutContents() invokes Upda...

Vendor: gogs
Product: gogs
Published: Feb 06, 2026
Source: NVD
CVE-2026-22592 MEDIUM - 6.5

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

Vendor: gogs
Product: gogs
Published: Feb 06, 2026
Source: NVD
CVE-2026-1769 MEDIUM - 5.3

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.  Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on X...

Published: Feb 06, 2026
Source: NVD
CVE-2019-25301 MEDIUM - 6.4

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute...

Vendor: thrsrossi
Product: Millhouse Project
Published: Feb 06, 2026
Source: NVD
CVE-2019-25294 MEDIUM - 6.4

html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScrip...

Vendor: lolypop55
Product: html5_snmp
Published: Feb 06, 2026
Source: NVD
CVE-2026-2056 MEDIUM - 5.3

A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the...

Published: Feb 06, 2026
Source: NVD
CVE-2026-2055 MEDIUM - 5.3

A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made av...

Published: Feb 06, 2026
Source: NVD
CVE-2026-2054 MEDIUM - 5.3

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public a...

Published: Feb 06, 2026
Source: NVD
CVE-2026-2016 MEDIUM - 5.3

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been ...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1293 MEDIUM - 6.4

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it possi...

Published: Feb 06, 2026
Source: NVD
CVE-2026-2015 MEDIUM - 6.3

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can be executed remotely....

Vendor: portabilis
Product: i-educar
Published: Feb 06, 2026
Source: NVD
CVE-2026-24928 MEDIUM - 5.8

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Feb 06, 2026
Source: NVD