Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,585
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,421 - 13,440 of 13,618 CVEs
CVE-2026-21681 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have an Undefined Behavior runtime error. This vulnerability affects users of the iccDEV library who ...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2025-66620 HIGH - 7.2

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file s...

Vendor: columbiaweather
Product: weather_microserver_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2026-21856 HIGH - 7.2

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the M...

Published: Jan 07, 2026
Source: NVD
CVE-2026-21680 HIGH - 7.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV librar...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21678 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap buffer overflow in IccTagXml(). This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21505 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21504 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21501 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21500 HIGH - 7.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-0669 HIGH - 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

Published: Jan 07, 2026
Source: NVD
CVE-2025-67366 HIGH - 7.5

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation m...

Published: Jan 07, 2026
Source: NVD
CVE-2025-67364 HIGH - 7.5

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functio...

Published: Jan 07, 2026
Source: NVD
CVE-2025-66786 HIGH - 7.5

OpenAirInterface CN5G AMF <= v2.0.1 has a logical error when processing JSON-format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

Published: Jan 07, 2026
Source: NVD
CVE-2025-65805 HIGH - 7.5

OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF.

Published: Jan 07, 2026
Source: NVD
CVE-2025-4676 HIGH - 8.8

Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

Published: Jan 07, 2026
Source: NVD
CVE-2025-46494 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through 1.13.1.

Published: Jan 07, 2026
Source: NVD
CVE-2026-20893 HIGH - 7.8

An origin validation error exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or m...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0656 HIGH - 8.2

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0628 HIGH - 8.8

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jan 07, 2026
Source: NVD
CVE-2025-69082 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3.

Published: Jan 07, 2026
Source: NVD