Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,521 - 12,540 of 14,292 CVEs
CVE-2025-58343 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to k...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58342 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel m...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58341 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, le...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-58340 MEDIUM - 6.2

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to ker...

Vendor: samsung
Product: exynos_980_firmware
Published: Feb 03, 2026
Source: NVD
CVE-2025-52627 MEDIUM - 5.5

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

Vendor: HCL
Product: AION
Published: Feb 03, 2026
Source: NVD
CVE-2025-52626 MEDIUM - 4.5

A Potential Command Injection vulnerability in HCL AION.ย  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0

Vendor: HCL
Product: AION
Published: Feb 03, 2026
Source: NVD
CVE-2020-37115 MEDIUM - 6.5

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Vendor: Openeclass
Product: GUnet OpenEclass
Published: Feb 03, 2026
Source: NVD
CVE-2020-37114 MEDIUM - 4.3

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can ...

Vendor: Openeclass
Product: GUnet OpenEclass
Published: Feb 03, 2026
Source: NVD
CVE-2020-37111 MEDIUM - 6.1

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts ...

Vendor: Davidvg
Product: 60CycleCMS
Published: Feb 03, 2026
Source: NVD
CVE-2020-37103 MEDIUM - 6.4

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potential...

Vendor: Dnnsoftware
Product: DotNetNuke
Published: Feb 03, 2026
Source: NVD
CVE-2019-25265 MEDIUM - 6.4

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft...

Vendor: Bigprof
Product: Online Inventory Manager
Published: Feb 03, 2026
Source: NVD
CVE-2019-25264 MEDIUM - 6.4

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.

Vendor: Snipeitapp
Product: IT Open Source Asset Management
Published: Feb 03, 2026
Source: NVD
CVE-2019-25263 MEDIUM - 6.4

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by o...

Vendor: Sweethawk
Product: Zendesk App SweetHawk Survey
Published: Feb 03, 2026
Source: NVD

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be ac...

Vendor: rustfs
Product: rustfs
Published: Feb 03, 2026
Source: NVD
CVE-2026-23795 MEDIUM - 4.9

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. This...

Vendor: Apache Software Foundation
Product: Apache Syncope
Published: Feb 03, 2026
Source: NVD
CVE-2026-23794 MEDIUM - 6.8

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users ...

Vendor: Apache Software Foundation
Product: Apache Syncope
Published: Feb 03, 2026
Source: NVD
CVE-2026-25028 MEDIUM - 5.4

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.1.

Vendor: Element Invader
Product: ElementInvader Addons for Elementor
Published: Feb 03, 2026
Source: NVD
CVE-2026-25024 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.

Vendor: Blair Williams
Product: ThirstyAffiliates
Published: Feb 03, 2026
Source: NVD
CVE-2026-25023 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a throu...

Vendor: mdedev
Product: Run Contests, Raffles, and Giveaways with ContestsWP
Published: Feb 03, 2026
Source: NVD
CVE-2026-25021 MEDIUM - 5.4

Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through <= 0.1.3.

Vendor: Mizan Themes
Product: Mizan Demo Importer
Published: Feb 03, 2026
Source: NVD