Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,729
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,721 - 12,740 of 13,594 CVEs
CVE-2021-47857 HIGH - 7.2

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the even...

Vendor: Moodle
Product: Moodle
Published: Jan 21, 2026
Source: NVD
CVE-2021-47855 HIGH - 7.2

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on th...

Vendor: LiteSpeed Technologies
Product: OpenLiteSpeed
Published: Jan 21, 2026
Source: NVD
CVE-2021-47853 HIGH - 8.8

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operating s...

Vendor: phppgadmin
Product: phpPgAdmin
Published: Jan 21, 2026
Source: NVD
CVE-2021-47852 HIGH - 8.8

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system a...

Vendor: Rockstar Games
Product: Rockstar Games Launcher
Published: Jan 21, 2026
Source: NVD
CVE-2021-47850 HIGH - 7.5

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating fi...

Vendor: Yodinfo
Product: Mini Mouse
Published: Jan 21, 2026
Source: NVD
CVE-2021-47848 HIGH - 8.2

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative ac...

Vendor: satndy
Product: Aplikasi-Biro-Travel
Published: Jan 21, 2026
Source: NVD
CVE-2021-47846 HIGH - 8.2

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters...

Vendor: I Want Source Codes
Product: Digital Crime Report Management System
Published: Jan 21, 2026
Source: NVD
CVE-2021-47802 HIGH - 7.5

Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication...

Vendor: Shenzhen Tenda Technology Co.,Ltd.
Product: Tenda D151 & D301
Published: Jan 21, 2026
Source: NVD
CVE-2021-47770 HIGH - 8.8

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connec...

Vendor: Autonomy
Product: OpenPLC
Published: Jan 21, 2026
Source: NVD
CVE-2021-47746 HIGH - 7.5

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipu...

Vendor: NodeBB
Product: NodeBB Plugin Emoji
Published: Jan 21, 2026
Source: NVD
CVE-2025-70648 HIGH - 7.5

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-70646 HIGH - 7.5

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-70644 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2026-23957 HIGH - 7.5

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time....

Vendor: npm
Product: seroval
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23956 HIGH - 7.5

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp seri...

Vendor: npm
Product: seroval
Published: Jan 21, 2026
Source: GitHub
CVE-2025-70651 HIGH - 7.5

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-70650 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2025-70645 HIGH - 7.5

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Vendor: n/a
Product: n/a
Published: Jan 21, 2026
Source: NVD
CVE-2026-23965 HIGH - 7.5

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for arbi...

Vendor: npm
Product: sm-crypto
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23967 HIGH - 7.5

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previous...

Vendor: npm
Product: sm-crypto
Published: Jan 21, 2026
Source: GitHub