Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
Showing 13,281 - 13,300 of 14,327 CVEs
CVE-2026-23742 HIGH - 8.8

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The con...

Vendor: zalando
Product: skipper
Published: Jan 16, 2026
Source: NVD
CVE-2026-23723 HIGH - 7.2

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbitr...

Vendor: LabRedesCefetRJ
Product: WeGIA
Published: Jan 16, 2026
Source: NVD
CVE-2026-23535 HIGH - 8.0

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.

Vendor: WeblateOrg
Product: wlc
Published: Jan 16, 2026
Source: NVD
CVE-2026-23490 HIGH - 7.5

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

Vendor: pyasn1
Product: pyasn1
Published: Jan 16, 2026
Source: NVD
CVE-2025-68924 HIGH - 7.5

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.

Vendor: Umbraco
Product: Forms
Published: Jan 16, 2026
Source: NVD
CVE-2025-62291 HIGH - 8.1

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

Vendor: strongSwan
Product: strongSwan
Published: Jan 16, 2026
Source: NVD
CVE-2025-48647 HIGH - 7.8

In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Google Devices
Published: Jan 16, 2026
Source: NVD
CVE-2025-15032 HIGH - 7.4

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.

Vendor: The Browser Company of New York
Product: Dia
Published: Jan 16, 2026
Source: NVD
CVE-2021-47847 HIGH - 7.8

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject maliciou...

Vendor: Disksorter
Product: Disk Sorter Server
Published: Jan 16, 2026
Source: NVD
CVE-2021-47845 HIGH - 7.8

Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code ...

Vendor: Spy-Emergency
Product: Spy Emergency
Published: Jan 16, 2026
Source: NVD
CVE-2021-47842 HIGH - 7.2

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution...

Vendor: jotron
Product: StudyMD
Published: Jan 16, 2026
Source: NVD
CVE-2021-47840 HIGH - 7.2

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the ...

Vendor: Moeditor
Product: Moeditor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47839 HIGH - 7.2

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

Vendor: vesparny
Product: Marky
Published: Jan 16, 2026
Source: NVD
CVE-2021-47838 HIGH - 7.2

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim�...

Vendor: dvcrn
Product: Markright
Published: Jan 16, 2026
Source: NVD
CVE-2021-47837 HIGH - 7.2

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.

Vendor: amitmerchant1990
Product: Markdownify
Published: Jan 16, 2026
Source: NVD
CVE-2021-47835 HIGH - 7.2

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote c...

Vendor: Freeter
Product: Freeter
Published: Jan 16, 2026
Source: NVD
CVE-2021-47833 HIGH - 7.8

WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem per...

Vendor: Gearboxcomputers
Product: WifiHotSpot
Published: Jan 16, 2026
Source: NVD
CVE-2021-47831 HIGH - 7.5

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.

Vendor: Sandboxie-Plus
Product: Sandboxie
Published: Jan 16, 2026
Source: NVD
CVE-2021-47829 HIGH - 7.8

DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code tha...

Vendor: Weird-Solutions
Product: DHCP Broadband
Published: Jan 16, 2026
Source: NVD
CVE-2021-47828 HIGH - 7.8

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.

Vendor: Weird-Solutions
Product: BOOTP Turbo
Published: Jan 16, 2026
Source: NVD