Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,501 - 12,520 of 14,675 CVEs
CVE-2026-25537 MEDIUM - 7.5

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the libraryโ€™s inte...

Vendor: rust
Product: jsonwebtoken
Published: Feb 03, 2026
Source: GitHub

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain...

Vendor: pip
Product: wagtail
Published: Feb 03, 2026
Source: GitHub
CVE-2026-24774 MEDIUM - 4.3

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by d...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24674 MEDIUM - 4.7

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tr...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24673 MEDIUM - 4.3

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the applic...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24671 MEDIUM - 6.1

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controll...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24670 MEDIUM - 6.5

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patche...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24668 MEDIUM - 6.5

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue ha...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24667 MEDIUM - 5.0

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user accoun...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24666 MEDIUM - 6.5

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as ...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2026-24664 MEDIUM - 5.3

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been p...

Vendor: gunet
Product: openeclass
Published: Feb 03, 2026
Source: NVD
CVE-2025-71179 MEDIUM - 6.1

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

Vendor: creativeitem
Product: academy_lms
Published: Feb 03, 2026
Source: NVD
CVE-2025-69848 MEDIUM - 6.1

NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escap...

Published: Feb 03, 2026
Source: NVD
CVE-2025-65924 MEDIUM - 6.1

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `<a>` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious...

Published: Feb 03, 2026
Source: NVD
CVE-2025-65923 MEDIUM - 5.4

A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affe...

Published: Feb 03, 2026
Source: NVD
CVE-2025-58348 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confg_tspec write operation, leading to ke...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58347 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation, leading to ker...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58346 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation, leading to ker...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58345 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leadi...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58344 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD