Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,659
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,821 - 12,840 of 13,594 CVEs
CVE-2025-11043 HIGH - 7.4

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Vendor: B&R Industrial Automation GmbH
Product: B&R Automation Studio
Published: Jan 19, 2026
Source: NVD
CVE-2026-1159 HIGH - 7.3

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argument product_name can lead to sql injection. The attack can be launched remotely. The exploit has been...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1158 HIGH - 8.8

A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initi...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1007 HIGH - 7.6

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1157 HIGH - 8.8

A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and migh...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1156 HIGH - 8.8

A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicl...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1155 HIGH - 8.8

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made...

Published: Jan 19, 2026
Source: NVD
CVE-2025-29847 HIGH - 7.5

A vulnerability in Apache Linkis. Problem Description: When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can tr...

Vendor: Apache Software Foundation
Product: Apache Linkis
Published: Jan 19, 2026
Source: NVD
CVE-2026-1143 HIGH - 8.8

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1140 HIGH - 8.8

A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted e...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1139 HIGH - 8.8

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1138 HIGH - 8.8

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about ...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1137 HIGH - 8.8

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. The...

Published: Jan 19, 2026
Source: NVD
CVE-2026-0943 HIGH - 7.5

HarfBuzz::Shaper versions before 0.032 for Perl contain a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1133 HIGH - 7.3

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has be...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1132 HIGH - 7.3

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has b...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1131 HIGH - 7.3

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been dis...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1130 HIGH - 7.3

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been p...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1129 HIGH - 7.3

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public a...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1125 HIGH - 7.3

A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be executed remotely. The exploit has been made avail...

Published: Jan 18, 2026
Source: NVD