Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,823
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,301 - 12,320 of 13,433 CVEs
CVE-2026-0762 HIGH - 8.1

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attac...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0758 HIGH - 7.8

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0757 HIGH - 8.8

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the target m...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0710 HIGH - 8.4

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions,...

Published: Jan 23, 2026
Source: NVD
CVE-2025-15351 HIGH - 7.8

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the targ...

Vendor: Anritsu
Product: VectorStar
Published: Jan 23, 2026
Source: NVD
CVE-2025-15350 HIGH - 7.8

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the targ...

Vendor: Anritsu
Product: VectorStar
Published: Jan 23, 2026
Source: NVD
CVE-2025-15349 HIGH - 7.5

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

Vendor: Anritsu
Product: ShockLine
Published: Jan 23, 2026
Source: NVD
CVE-2025-15348 HIGH - 7.8

Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target...

Vendor: Anritsu
Product: ShockLine
Published: Jan 23, 2026
Source: NVD
CVE-2025-15062 HIGH - 7.8

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

Vendor: Trimble
Product: SketchUp
Published: Jan 23, 2026
Source: NVD
CVE-2025-15059 HIGH - 7.8

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...

Vendor: GIMP
Product: GIMP
Published: Jan 23, 2026
Source: NVD
CVE-2025-11002 HIGH - 7.0

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on th...

Vendor: 7-Zip
Product: 7-Zip
Published: Jan 23, 2026
Source: NVD
CVE-2026-24138 HIGH - 7.5

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and f...

Vendor: FOGProject
Product: fogproject
Published: Jan 23, 2026
Source: NVD
CVE-2026-24129 HIGH - 8.0

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager f...

Vendor: runtipi
Product: runtipi
Published: Jan 22, 2026
Source: NVD
CVE-2026-21524 HIGH - 7.4

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2026-21521 HIGH - 7.4

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2026-21520 HIGH - 7.5

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

Published: Jan 22, 2026
Source: NVD
CVE-2026-21227 HIGH - 8.2

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

Published: Jan 22, 2026
Source: NVD
CVE-2025-55705 HIGH - 7.3

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration ...

Vendor: EVMAPA
Product: EVMAPA
Published: Jan 22, 2026
Source: NVD
CVE-2025-53968 HIGH - 7.5

This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. This can overwhelm the authentication system...

Vendor: EVMAPA
Product: EVMAPA
Published: Jan 22, 2026
Source: NVD
CVE-2026-23988 HIGH - 7.3

Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges (Administrator) but writes the scr...

Vendor: pbatard
Product: rufus
Published: Jan 22, 2026
Source: NVD