Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,381 - 12,400 of 14,217 CVEs
CVE-2026-23997 HIGH - 8.0

FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity en...

Vendor: composer
Product: facturascripts/facturascripts
Published: Feb 02, 2026
Source: GitHub
CVE-2026-22229 HIGH - 7.2

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe ...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22227 HIGH - 7.2

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromi...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22226 HIGH - 7.2

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of confi...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22225 HIGH - 7.2

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrit...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22224 HIGH - 7.2

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configu...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22223 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration inte...

Vendor: TP-Link System Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22222 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration int...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-22221 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration inte...

Vendor: TP-Link Systems Inc.
Product: Archer BE230 v1.2
Published: Feb 02, 2026
Source: NVD
CVE-2026-0631 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration ...

Vendor: tp-link
Product: archer_be230_firmware
Published: Feb 02, 2026
Source: NVD
CVE-2026-0630 HIGH - 8.0

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration int...

Vendor: tp-link
Product: archer_be230_firmware
Published: Feb 02, 2026
Source: NVD
CVE-2025-47399 HIGH - 7.8

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47398 HIGH - 7.8

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47397 HIGH - 7.8

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47366 HIGH - 7.1

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47359 HIGH - 7.8

Memory Corruption when multiple threads simultaneously access a memory free API.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-47358 HIGH - 7.8

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Feb 02, 2026
Source: NVD
CVE-2025-14914 HIGH - 7.6

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Vendor: IBM
Product: WebSphere Application Server Liberty
Published: Feb 02, 2026
Source: NVD
CVE-2022-50978 HIGH - 7.5

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

Published: Feb 02, 2026
Source: NVD
CVE-2022-50977 HIGH - 7.5

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

Published: Feb 02, 2026
Source: NVD