Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,884
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,581 - 13,600 of 13,803 CVEs
CVE-2026-21694 HIGH - 8.1

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Vendor: kromit
Product: titra
Published: Jan 08, 2026
Source: NVD
CVE-2019-25291 HIGH - 7.5

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving de...

Published: Jan 08, 2026
Source: NVD
CVE-2019-25289 HIGH - 8.8

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary syste...

Published: Jan 08, 2026
Source: NVD
CVE-2019-25279 HIGH - 7.5

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without ...

Vendor: iwt
Product: facesentry_access_control_system_firmware
Published: Jan 08, 2026
Source: NVD
CVE-2019-25231 HIGH - 8.4

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root...

Published: Jan 08, 2026
Source: NVD
CVE-2017-20215 HIGH - 8.8

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete c...

Published: Jan 08, 2026
Source: NVD
CVE-2017-20214 HIGH - 7.5

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.

Published: Jan 08, 2026
Source: NVD
CVE-2017-20213 HIGH - 7.5

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera seri...

Published: Jan 08, 2026
Source: NVD
CVE-2025-69262 HIGH - 7.8

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...

Vendor: pnpm
Product: pnpm
Published: Jan 07, 2026
Source: NVD
CVE-2026-22047 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cpp`...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-22046 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/Icc...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21693 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at `IccXML/IccLibXML/IccMpeX...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21692 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vuln...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21688 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. Th...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21687 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the i...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21686 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the icc...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21685 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV li...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21684 HIGH - 7.1

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21683 HIGH - 8.8

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `icStatusCMM::CIccEvalCompare::EvaluateProfile()`. This vulne...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21441 HIGH - 7.5

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTT...

Vendor: python
Product: urllib3
Published: Jan 07, 2026
Source: NVD