Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,827
Quick preset (or use dates below)
Clear Filters
Showing 12,761 - 12,780 of 14,271 CVEs
CVE-2026-24411 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or othe...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24410 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely incorporated into IC...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24409 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporat...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24407 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary ...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24406 HIGH - 8.8

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profil...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24405 HIGH - 8.8

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile da...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24404 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorpo...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2026-24403 HIGH - 7.1

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data un...

Vendor: InternationalColorConsortium
Product: iccDEV
Published: Jan 24, 2026
Source: NVD
CVE-2025-52026 HIGH - 7.5

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is ...

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-67264 HIGH - 7.8

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-70986 HIGH - 7.5

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-67230 HIGH - 7.1

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2021-47904 HIGH - 8.8

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.

Vendor: Phreesoft
Product: PhreeBooks
Published: Jan 23, 2026
Source: NVD
CVE-2021-47903 HIGH - 8.8

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution v...

Vendor: LiteSpeed Technologies Inc
Product: LiteSpeed Web Server Enterprise
Published: Jan 23, 2026
Source: NVD
CVE-2021-47898 HIGH - 7.8

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.

Vendor: Epson America, Inc.
Product: Epson USB Display
Published: Jan 23, 2026
Source: NVD
CVE-2021-47897 HIGH - 7.2

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.

Vendor: PEEL eCommerce
Product: PEEL Shopping
Published: Jan 23, 2026
Source: NVD
CVE-2021-47896 HIGH - 7.8

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be r...

Vendor: PDF Complete, Inc.
Product: PDFCOMPLETE Corporate Edition
Published: Jan 23, 2026
Source: NVD
CVE-2021-47895 HIGH - 7.5

Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an appli...

Vendor: Nsauditor
Product: Nsauditor
Published: Jan 23, 2026
Source: NVD
CVE-2021-47894 HIGH - 7.5

Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the applicati...

Vendor: Northwest Performance Software, Inc.
Product: Managed Switch Port Mapping Tool
Published: Jan 23, 2026
Source: NVD
CVE-2021-47893 HIGH - 7.5

AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application...

Vendor: Agatasoft
Product: AgataSoft PingMaster Pro
Published: Jan 23, 2026
Source: NVD