Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,421 - 12,440 of 14,217 CVEs
CVE-2026-20406 HIGH - 7.5

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: M...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20405 HIGH - 7.5

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20404 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20403 HIGH - 7.5

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: mediatek
Product: nr15
Published: Feb 02, 2026
Source: NVD
CVE-2026-20402 HIGH - 7.5

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
Published: Feb 02, 2026
Source: NVD
CVE-2026-20401 HIGH - 7.5

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: M...

Vendor: MediaTek, Inc.
Product: MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
Published: Feb 02, 2026
Source: NVD
CVE-2025-9974 HIGH - 8.8

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary ...

Published: Feb 02, 2026
Source: NVD
CVE-2025-15396 HIGH - 7.1

The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vendor: Unknown
Product: Library Viewer
Published: Feb 02, 2026
Source: NVD
CVE-2026-1531 HIGH - 8.1

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and Op...

Vendor: rubygems
Product: foreman_kubevirt
Published: Feb 02, 2026
Source: NVD
CVE-2026-1530 HIGH - 8.1

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in infor...

Vendor: rubygems
Product: fog-kubevirt
Published: Feb 02, 2026
Source: NVD
CVE-2026-25201 HIGH - 8.8

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

Vendor: Samsung Electronics
Product: MagicINFO 9 Server
Published: Feb 02, 2026
Source: NVD
CVE-2026-24788 HIGH - 8.8

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.

Vendor: RaspAP
Product: raspap-webgui
Published: Feb 02, 2026
Source: NVD
CVE-2026-1740 HIGH - 7.3

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has b...

Published: Feb 02, 2026
Source: NVD
CVE-2026-25253 HIGH - 8.8

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Vendor: OpenClaw
Product: OpenClaw
Published: Feb 01, 2026
Source: NVD
CVE-2025-67601 HIGH - 8.4

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Vendor: go
Product: github.com/rancher/rancher
Published: Feb 01, 2026
Source: GitHub
CVE-2020-37064 HIGH - 7.8

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject mali...

Vendor: Epson
Product: EPSON EasyMP Network Projection
Published: Feb 01, 2026
Source: NVD
CVE-2020-37063 HIGH - 7.8

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem ...

Vendor: Weird-Solutions
Product: TFTP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37062 HIGH - 7.8

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.

Vendor: Weird Solutions
Product: DHCP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37061 HIGH - 7.8

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with Local...

Vendor: Weird-Solutions
Product: BOOTP Turbo
Published: Feb 01, 2026
Source: NVD
CVE-2020-37055 HIGH - 7.8

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during...

Vendor: Enigmasoftware
Product: SpyHunter
Published: Feb 01, 2026
Source: NVD