Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,401 - 12,420 of 14,217 CVEs
CVE-2022-50976 HIGH - 7.7

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

Vendor: Innomic, avibia
Product: VibroLine Configurator 5.0, AvibiaLine Configurator 5.0, VibroLine Configurator 4.0
Published: Feb 02, 2026
Source: NVD
CVE-2022-50975 HIGH - 8.8

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

Published: Feb 02, 2026
Source: NVD
CVE-2026-24070 HIGH - 8.8

During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servic...

Vendor: Native Instruments
Product: Native Access
Published: Feb 02, 2026
Source: NVD
CVE-2026-1761 HIGH - 8.6

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. Th...

Published: Feb 02, 2026
Source: NVD
CVE-2025-8587 HIGH - 8.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

Published: Feb 02, 2026
Source: NVD
CVE-2026-0599 HIGH - 7.5

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET req...

Vendor: pip
Product: text-generation
Published: Feb 02, 2026
Source: NVD
CVE-2025-10279 HIGH - 7.0

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtua...

Vendor: mlflow
Product: mlflow/mlflow
Published: Feb 02, 2026
Source: NVD
CVE-2024-4147 HIGH - 7.5

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, ...

Published: Feb 02, 2026
Source: NVD
CVE-2026-1117 HIGH - 8.2

A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `generate_msg`, and `generate_msg_from` withou...

Vendor: pip
Product: lollms
Published: Feb 02, 2026
Source: NVD
CVE-2024-54263 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13.

Vendor: Talemy
Product: Spirit Framework
Published: Feb 02, 2026
Source: NVD
CVE-2026-20422 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20421 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8791
Published: Feb 02, 2026
Source: NVD
CVE-2026-20420 HIGH - 7.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20419 HIGH - 7.5

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR004...

Vendor: MediaTek, Inc.
Product: MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910
Published: Feb 02, 2026
Source: NVD
CVE-2026-20418 HIGH - 8.8

In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.

Vendor: MediaTek, Inc.
Product: MT7931, MT7933
Published: Feb 02, 2026
Source: NVD
CVE-2026-20412 HIGH - 7.8

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

Vendor: MediaTek, Inc.
Product: MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8696, MT8793
Published: Feb 02, 2026
Source: NVD
CVE-2026-20411 HIGH - 7.8

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

Vendor: MediaTek, Inc.
Product: MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8793
Published: Feb 02, 2026
Source: NVD
CVE-2026-20409 HIGH - 7.8

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.

Vendor: MediaTek, Inc.
Product: MT6897, MT6989
Published: Feb 02, 2026
Source: NVD
CVE-2026-20408 HIGH - 8.0

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

Vendor: MediaTek, Inc.
Product: MT6890, MT7615, MT7915, MT7916, MT7981, MT7986
Published: Feb 02, 2026
Source: NVD
CVE-2026-20407 HIGH - 8.8

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.

Vendor: MediaTek, Inc.
Product: MT7902, MT7920, MT7921, MT7922, MT7925, MT7927
Published: Feb 02, 2026
Source: NVD