Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,606
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,901 - 12,920 of 13,594 CVEs
CVE-2026-1023 HIGH - 7.5

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.

Vendor: gotac
Product: statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2026-1022 HIGH - 7.5

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Vendor: gotac
Product: statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2026-1018 HIGH - 7.5

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Vendor: gotac
Product: police_statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2025-65118 HIGH - 8.8

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-65117 HIGH - 7.7

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64769 HIGH - 7.1

The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64729 HIGH - 8.2

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64691 HIGH - 8.8

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-61943 HIGH - 7.8

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2021-47815 HIGH - 7.5

Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.

Vendor: nsasoft
Product: nsauditor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47814 HIGH - 7.5

NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.

Vendor: Nsauditor
Product: NBMonitor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47813 HIGH - 7.5

Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and p...

Vendor: Nsauditor
Product: Backup Key Recovery
Published: Jan 16, 2026
Source: NVD
CVE-2021-47812 HIGH - 7.5

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with sys...

Vendor: Getgrav
Product: GravCMS
Published: Jan 16, 2026
Source: NVD
CVE-2021-47811 HIGH - 8.2

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify databa...

Vendor: Grocerycrud
Product: Grocery crud
Published: Jan 16, 2026
Source: NVD
CVE-2021-47810 HIGH - 7.8

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables ...

Vendor: Wibu
Product: WibuKey Runtime
Published: Jan 16, 2026
Source: NVD
CVE-2021-47809 HIGH - 7.8

Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inj...

Vendor: Disksorter
Product: Disk Sorter Enterprise
Published: Jan 16, 2026
Source: NVD
CVE-2021-47808 HIGH - 7.2

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

Vendor: cotonti.com
Product: Cotonti Siena
Published: Jan 16, 2026
Source: NVD
CVE-2021-47807 HIGH - 7.8

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...

Vendor: Syncbreeze
Product: Sync Breeze
Published: Jan 16, 2026
Source: NVD
CVE-2021-47806 HIGH - 7.8

Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious execu...

Vendor: Dupscout
Product: Dup Scout
Published: Jan 16, 2026
Source: NVD
CVE-2021-47805 HIGH - 7.8

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalS...

Vendor: flexense
Product: disksavvy
Published: Jan 16, 2026
Source: NVD