Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,361 - 12,380 of 14,217 CVEs
CVE-2026-22550 HIGH - 7.2

OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

Vendor: ELECOM CO.,LTD.
Product: WRC-X1500GS-B, WRC-X1500GSA-B
Published: Feb 03, 2026
Source: NVD
CVE-2026-1065 HIGH - 7.2

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible ...

Published: Feb 03, 2026
Source: NVD
CVE-2026-1058 HIGH - 7.1

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode() ...

Published: Feb 03, 2026
Source: NVD
CVE-2026-0617 HIGH - 7.2

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for una...

Published: Feb 03, 2026
Source: NVD
CVE-2026-24694 HIGH - 7.8

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.

Vendor: Roland Corporation
Product: Roland Cloud Manager
Published: Feb 03, 2026
Source: NVD
CVE-2025-9711 HIGH - 7.8

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.

Vendor: broadcom
Product: fabric_operating_system
Published: Feb 03, 2026
Source: NVD
CVE-2026-0383 HIGH - 7.8

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.

Vendor: broadcom
Product: fabric_operating_system
Published: Feb 03, 2026
Source: NVD
CVE-2025-58383 HIGH - 7.2

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.

Vendor: Brocade
Product: Fabric OS
Published: Feb 03, 2026
Source: NVD
CVE-2025-58382 HIGH - 7.2

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands as root using “supportsave”, “seccertmgmt”, “configuploa...

Vendor: Brocade
Product: Fabric OS
Published: Feb 03, 2026
Source: NVD
CVE-2026-25157 HIGH - 7.8

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the c...

Vendor: npm
Product: clawdbot
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25060 HIGH - 8.1

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This vulnerability enables Man-in...

Vendor: OpenListTeam
Product: OpenList
Published: Feb 02, 2026
Source: NVD
CVE-2026-24763 HIGH - 8.8

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authentica...

Vendor: clawdbot
Product: clawdbot
Published: Feb 02, 2026
Source: NVD
CVE-2026-24051 HIGH - 7.0

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search pat...

Vendor: open-telemetry
Product: opentelemetry-go
Published: Feb 02, 2026
Source: NVD
CVE-2026-1777 HIGH - 7.2

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location...

Vendor: pip
Product: sagemaker
Published: Feb 02, 2026
Source: NVD
CVE-2025-13096 HIGH - 7.1

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote att...

Vendor: IBM
Product: Business Automation Workflow containers, Business Automation Workflow traditional
Published: Feb 02, 2026
Source: NVD
CVE-2026-25223 HIGH - 7.5

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content t...

Vendor: npm
Product: fastify
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25499 HIGH - 7.5

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patch...

Vendor: go
Product: github.com/bpg/terraform-provider-proxmox
Published: Feb 02, 2026
Source: GitHub
CVE-2026-25059 HIGH - 8.8

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. This a...

Vendor: go
Product: github.com/OpenListTeam/OpenList/v4
Published: Feb 02, 2026
Source: GitHub
CVE-2026-24737 HIGH - 8.1

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties,...

Vendor: npm
Product: jspdf
Published: Feb 02, 2026
Source: GitHub

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out...

Vendor: npm
Product: jspdf
Published: Feb 02, 2026
Source: GitHub