Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,706
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,741 - 12,760 of 13,594 CVEs
CVE-2026-22807 HIGH - 8.8

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo...

Vendor: pip
Product: vllm
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23737 HIGH - 7.5

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding constant ...

Vendor: npm
Product: seroval
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23736 HIGH - 7.3

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deser...

Vendor: npm
Product: seroval
Published: Jan 21, 2026
Source: GitHub
CVE-2026-22444 HIGH - 7.1

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://h...

Vendor: maven
Product: org.apache.solr:solr-core
Published: Jan 21, 2026
Source: GitHub
CVE-2026-22022 HIGH - 8.2

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the followin...

Vendor: maven
Product: org.apache.solr:solr-core
Published: Jan 21, 2026
Source: GitHub
CVE-2025-13878 HIGH - 7.5

Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

Vendor: ISC
Product: BIND 9
Published: Jan 21, 2026
Source: NVD
CVE-2026-24016 HIGH - 7.8

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

Vendor: Fsas Technologies Inc.
Product: ServerView Agents for Windows
Published: Jan 21, 2026
Source: NVD
CVE-2025-68133 HIGH - 7.4

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new ...

Vendor: EVerest
Product: everest-core
Published: Jan 21, 2026
Source: NVD
CVE-2026-23950 HIGH - 8.8

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, in which it has ...

Vendor: npm
Product: tar
Published: Jan 21, 2026
Source: GitHub

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Jan 21, 2026
Source: GitHub

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without pro...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Jan 21, 2026
Source: GitHub
CVE-2026-21990 HIGH - 8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21989 HIGH - 8.1

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21988 HIGH - 8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21987 HIGH - 8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21986 HIGH - 7.1

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21984 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compro...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21983 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compro...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21982 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware whe...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21976 HIGH - 7.1

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w...

Published: Jan 20, 2026
Source: NVD