Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,598
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,301 - 13,320 of 13,618 CVEs
CVE-2026-22594 HIGH - 8.1

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

Vendor: ghost
Product: ghost
Published: Jan 10, 2026
Source: NVD
CVE-2026-22029 HIGH - 8.0

React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs ...

Published: Jan 10, 2026
Source: NVD
CVE-2026-21884 HIGH - 8.2

React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could...

Published: Jan 10, 2026
Source: NVD
CVE-2025-59057 HIGH - 7.6

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaS...

Published: Jan 10, 2026
Source: NVD
CVE-2026-22612 HIGH - 7.8

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

Vendor: trailofbits
Product: fickling
Published: Jan 10, 2026
Source: NVD
CVE-2026-22609 HIGH - 7.8

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be det...

Vendor: trailofbits
Product: fickling
Published: Jan 10, 2026
Source: NVD
CVE-2026-22608 HIGH - 7.8

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner sti...

Vendor: trailofbits
Product: fickling
Published: Jan 10, 2026
Source: NVD
CVE-2026-22607 HIGH - 7.8

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on F...

Vendor: trailofbits
Product: fickling
Published: Jan 10, 2026
Source: NVD
CVE-2026-22606 HIGH - 7.8

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a ...

Vendor: trailofbits
Product: fickling
Published: Jan 10, 2026
Source: NVD
CVE-2026-22601 HIGH - 7.2

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. This issue has been patched in version 16.6.2.

Vendor: openproject
Product: openproject
Published: Jan 10, 2026
Source: NVD
CVE-2026-22697 HIGH - 7.5

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

Vendor: nasa
Product: cryptolib
Published: Jan 10, 2026
Source: NVD
CVE-2026-22026 HIGH - 7.5

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KM...

Vendor: nasa
Product: cryptolib
Published: Jan 10, 2026
Source: NVD
CVE-2026-22023 HIGH - 7.5

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerabi...

Vendor: nasa
Product: cryptolib
Published: Jan 10, 2026
Source: NVD
CVE-2026-21898 HIGH - 8.2

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads...

Vendor: nasa
Product: cryptolib
Published: Jan 10, 2026
Source: NVD
CVE-2026-21897 HIGH - 7.3

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameter...

Vendor: nasa
Product: cryptolib
Published: Jan 10, 2026
Source: NVD
CVE-2026-0830 HIGH - 7.8

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Published: Jan 09, 2026
Source: NVD
CVE-2025-67070 HIGH - 8.2

A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the...

Published: Jan 09, 2026
Source: NVD
CVE-2026-22197 HIGH - 8.1

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate da...

Vendor: gestsup
Product: gestsup
Published: Jan 09, 2026
Source: NVD
CVE-2026-22196 HIGH - 8.1

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Succes...

Vendor: gestsup
Product: gestsup
Published: Jan 09, 2026
Source: NVD
CVE-2026-22195 HIGH - 8.1

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can resu...

Vendor: gestsup
Product: gestsup
Published: Jan 09, 2026
Source: NVD