Total CVEs

142,588

Critical Severity

4,002

High Severity

14,355

Last 7 Days

1,858
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 13,641 - 13,660 of 14,399 CVEs
CVE-2021-47795 MEDIUM - 6.2

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access syst...

Vendor: Geovision
Product: GeoVision Geowebserver
Published: Jan 16, 2026
Source: NVD
CVE-2021-47783 MEDIUM - 5.4

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.

Vendor: Phpwcms
Product: Phpwcms
Published: Jan 16, 2026
Source: NVD
CVE-2026-1010 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, ...

Vendor: altium
Product: on-prem_enterprise_server
Published: Jan 15, 2026
Source: NVD
CVE-2026-1009 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successf...

Vendor: altium
Product: altium_live
Published: Jan 15, 2026
Source: NVD
CVE-2026-1008 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected pay...

Vendor: altium
Product: altium_live
Published: Jan 15, 2026
Source: NVD
CVE-2025-68671 MEDIUM - 6.5

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, l...

Vendor: treeverse
Product: lakeFS
Published: Jan 15, 2026
Source: NVD
CVE-2026-21921 MEDIUM - 6.5

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors c...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21912 MEDIUM - 5.5

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line...

Vendor: Juniper Networks
Product: Junos OS
Published: Jan 15, 2026
Source: NVD
CVE-2026-21911 MEDIUM - 6.5

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while ge...

Vendor: juniper
Product: junos_os_evolved
Published: Jan 15, 2026
Source: NVD
CVE-2026-21910 MEDIUM - 6.5

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifi...

Vendor: Juniper Networks
Product: Junos OS
Published: Jan 15, 2026
Source: NVD
CVE-2026-21909 MEDIUM - 6.5

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt a...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-21907 MEDIUM - 5.9

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support ...

Vendor: juniper
Product: junos_space
Published: Jan 15, 2026
Source: NVD
CVE-2026-21903 MEDIUM - 6.5

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resul...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2026-0203 MEDIUM - 6.5

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an IC...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-70891 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attack...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-70890 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affec...

Vendor: phpgurukul
Product: cyber_cafe_management_system
Published: Jan 15, 2026
Source: NVD
CVE-2025-67025 MEDIUM - 6.1

Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section

Vendor: n/a
Product: n/a
Published: Jan 15, 2026
Source: NVD
CVE-2025-65368 MEDIUM - 6.1

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.

Vendor: codewithcj
Product: sparkyfitness
Published: Jan 15, 2026
Source: NVD
CVE-2025-60011 MEDIUM - 5.8

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a s...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD
CVE-2025-60007 MEDIUM - 5.5

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted option...

Vendor: juniper
Product: junos
Published: Jan 15, 2026
Source: NVD