Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,909
Quick preset (or use dates below)
Clear Filters
Showing 12,321 - 12,340 of 14,675 CVEs
CVE-2026-2000 MEDIUM - 4.7

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carr...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1909 MEDIUM - 6.4

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated ...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1888 MEDIUM - 6.4

The Docus โ€“ YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1808 MEDIUM - 6.4

The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This make...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1401 MEDIUM - 6.4

The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Subs...

Published: Feb 06, 2026
Source: NVD
CVE-2025-10753 MEDIUM - 5.3

The OAuth Single Sign On โ€“ SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect&#...

Vendor: cyberlord92
Product: OAuth Single Sign On โ€“ SSO (OAuth Client)
Published: Feb 06, 2026
Source: NVD
CVE-2026-0598 MEDIUM - 4.2

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access o...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1979 MEDIUM - 5.3

A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This pat...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1978 MEDIUM - 5.3

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The exploit...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1977 MEDIUM - 6.3

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The ...

Published: Feb 06, 2026
Source: NVD
CVE-2026-1976 MEDIUM - 5.3

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for ...

Vendor: free5gc
Product: free5gc
Published: Feb 06, 2026
Source: NVD
CVE-2026-1975 MEDIUM - 5.3

A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. A...

Vendor: free5gc
Product: free5gc
Published: Feb 06, 2026
Source: NVD
CVE-2026-1228 MEDIUM - 4.3

The Timeline Block โ€“ Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key....

Published: Feb 06, 2026
Source: NVD
CVE-2026-1974 MEDIUM - 5.3

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and mi...

Vendor: free5gc
Product: free5gc
Published: Feb 06, 2026
Source: NVD
CVE-2026-1973 MEDIUM - 5.3

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It i...

Vendor: free5gc
Product: free5gc
Published: Feb 06, 2026
Source: NVD
CVE-2026-1972 MEDIUM - 5.3

A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used...

Published: Feb 06, 2026
Source: NVD
CVE-2026-23623 MEDIUM - 5.3

Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain a...

Vendor: CollaboraOnline
Product: online
Published: Feb 06, 2026
Source: NVD
CVE-2026-0391 MEDIUM - 6.5

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Published: Feb 05, 2026
Source: NVD
CVE-2026-1964 MEDIUM - 4.3

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch nam...

Vendor: wekan_project
Product: wekan
Published: Feb 05, 2026
Source: NVD
CVE-2026-25760 MEDIUM - 6.5

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and ...

Vendor: go
Product: github.com/bishopfox/sliver
Published: Feb 05, 2026
Source: GitHub