Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,510
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,321 - 1,340 of 1,590 CVEs
CVE-2026-2967 LOW - 3.7

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated ...

Vendor: cesanta
Product: mongoose
Published: Feb 23, 2026
Source: NVD
CVE-2026-2966 LOW - 3.7

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched re...

Vendor: cesanta
Product: mongoose
Published: Feb 23, 2026
Source: NVD
CVE-2026-2965 LOW - 2.4

A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The attac...

Published: Feb 23, 2026
Source: NVD
CVE-2026-2947 LOW - 3.5

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed rem...

Vendor: rymcu
Product: forest
Published: Feb 22, 2026
Source: NVD
CVE-2026-2946 LOW - 3.5

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting. R...

Vendor: rymcu
Product: forest
Published: Feb 22, 2026
Source: NVD
CVE-2026-2939 LOW - 2.4

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

Vendor: itsourcecode
Product: student_management_system
Published: Feb 22, 2026
Source: NVD
CVE-2026-2934 LOW - 2.4

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attac...

Vendor: yifangcms
Product: yifang
Published: Feb 22, 2026
Source: NVD
CVE-2026-2933 LOW - 2.4

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The...

Vendor: yifangcms
Product: yifang
Published: Feb 22, 2026
Source: NVD
CVE-2026-2932 LOW - 2.4

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is possib...

Vendor: yifangcms
Product: yifang
Published: Feb 22, 2026
Source: NVD
CVE-2026-2913 LOW - 2.5

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is ra...

Vendor: libvips
Product: libvips
Published: Feb 22, 2026
Source: NVD
CVE-2026-2903 LOW - 3.3

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9...

Published: Feb 22, 2026
Source: NVD
CVE-2026-2897 LOW - 2.4

A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be carried...

Vendor: funadmin
Product: funadmin
Published: Feb 22, 2026
Source: NVD
CVE-2026-2895 LOW - 3.7

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forget_code/vercode results in weak password recovery. Remote exploitation of the attack is possibl...

Vendor: funadmin
Product: funadmin
Published: Feb 21, 2026
Source: NVD
CVE-2026-2889 LOW - 3.3

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 i...

Published: Feb 21, 2026
Source: NVD
CVE-2026-2887 LOW - 3.3

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclo...

Vendor: strlen
Product: lobster
Published: Feb 21, 2026
Source: NVD
CVE-2026-2869 LOW - 3.3

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. ...

Vendor: janet-lang
Product: janet
Published: Feb 21, 2026
Source: NVD

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may al...

Vendor: bigbluebutton
Product: bigbluebutton
Published: Feb 21, 2026
Source: NVD
CVE-2026-2858 LOW - 3.3

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and migh...

Vendor: wren
Product: wren
Published: Feb 20, 2026
Source: NVD

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and t...

Vendor: npm
Product: openclaw
Published: Feb 20, 2026
Source: GitHub

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be us...

Vendor: detronetdip
Product: E-commerce
Published: Feb 20, 2026
Source: NVD