Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,361 - 13,380 of 14,373 CVEs
CVE-2026-23874 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23886 MEDIUM - 5.3

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol (OTLP) backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a denial-of-s...

Vendor: swift
Product: github.com/swift-otel/swift-w3c-trace-context
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23885 MEDIUM - 6.4

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_...

Vendor: rubygems
Product: alchemy_cms
Published: Jan 21, 2026
Source: GitHub

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check `ptr + field_length &g...

Vendor: pip
Product: esphome
Published: Jan 21, 2026
Source: GitHub

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal attacks. Any authenticated user (including non-admin) can browse arbitrary directories on t...

Vendor: pip
Product: swingmusic
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23849 MEDIUM - 5.3

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring ...

Vendor: go
Product: github.com/filebrowser/filebrowser
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23845 MEDIUM - 5.8

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, th...

Vendor: go
Product: github.com/axllent/mailpit
Published: Jan 21, 2026
Source: GitHub

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

Vendor: npm
Product: @anthropic-ai/claude-code
Published: Jan 21, 2026
Source: GitHub
CVE-2026-21985 MEDIUM - 6.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21981 MEDIUM - 4.6

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21980 MEDIUM - 6.5

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life ...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21979 MEDIUM - 4.2

Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion (component: EPM Agent). The supported version that is affected is 25.04.07. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Planning and Budget...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21978 MEDIUM - 6.5

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Relationship Pricing). Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21975 MEDIUM - 4.5

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM. Succ...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21974 MEDIUM - 5.3

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Lif...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21972 MEDIUM - 5.3

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Success...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21971 MEDIUM - 5.4

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purcha...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21970 MEDIUM - 6.5

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications (component: Platform). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21968 MEDIUM - 6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MyS...

Published: Jan 20, 2026
Source: NVD
CVE-2026-21966 MEDIUM - 6.1

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

Published: Jan 20, 2026
Source: NVD