Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,590
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,401 - 13,420 of 13,618 CVEs
CVE-2017-20215 HIGH - 8.8

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete c...

Published: Jan 08, 2026
Source: NVD
CVE-2017-20214 HIGH - 7.5

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

Published: Jan 08, 2026
Source: NVD
CVE-2017-20213 HIGH - 7.5

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera seri...

Published: Jan 08, 2026
Source: NVD
CVE-2025-69262 HIGH - 7.8

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...

Vendor: pnpm
Product: pnpm
Published: Jan 07, 2026
Source: NVD
CVE-2026-22047 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cpp`...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-22046 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/Icc...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21693 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at `IccXML/IccLibXML/IccMpeX...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21692 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vuln...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21688 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. Th...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21687 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the i...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21686 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the icc...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21685 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV li...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21684 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21683 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `icStatusCMM::CIccEvalCompare::EvaluateProfile()`. This vulne...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21441 HIGH - 7.5

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTT...

Vendor: python
Product: urllib3
Published: Jan 07, 2026
Source: NVD
CVE-2025-69263 HIGH - 8.8

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...

Vendor: pnpm
Product: pnpm
Published: Jan 07, 2026
Source: NVD
CVE-2025-69222 HIGH - 8.1

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and action...

Vendor: librechat
Product: librechat
Published: Jan 07, 2026
Source: NVD
CVE-2025-13151 HIGH - 7.5

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Published: Jan 07, 2026
Source: NVD
CVE-2026-22190 HIGH - 7.5

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, eg...

Vendor: cmu
Product: panda3d
Published: Jan 07, 2026
Source: NVD
CVE-2026-21682 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of ...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD