Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,755
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,781 - 13,800 of 13,803 CVEs
CVE-2025-15432 HIGH - 7.5

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path leads...

Vendor: yeqifu
Product: carrental
Published: Jan 02, 2026
Source: NVD
CVE-2025-15431 HIGH - 8.8

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor...

Vendor: utt
Product: 512w_firmware
Published: Jan 02, 2026
Source: NVD
CVE-2025-15430 HIGH - 8.8

A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and...

Vendor: utt
Product: 512w_firmware
Published: Jan 02, 2026
Source: NVD
CVE-2025-15429 HIGH - 8.8

A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The exp...

Vendor: utt
Product: 512w_firmware
Published: Jan 02, 2026
Source: NVD
CVE-2025-15428 HIGH - 8.8

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and c...

Vendor: utt
Product: 512w_firmware
Published: Jan 02, 2026
Source: NVD
CVE-2025-15426 HIGH - 7.3

A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be...

Published: Jan 02, 2026
Source: NVD
CVE-2025-15423 HIGH - 8.8

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The ven...

Vendor: phome
Product: empirecms
Published: Jan 02, 2026
Source: NVD
CVE-2025-15422 HIGH - 7.5

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be ...

Vendor: phome
Product: empirecms
Published: Jan 02, 2026
Source: NVD
CVE-2025-15413 HIGH - 7.8

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has...

Vendor: wasm3_project
Product: wasm3
Published: Jan 01, 2026
Source: NVD
CVE-2025-15412 HIGH - 7.8

A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach t...

Vendor: webassembly
Product: wabt
Published: Jan 01, 2026
Source: NVD
CVE-2025-15411 HIGH - 7.8

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local ...

Vendor: webassembly
Product: wabt
Published: Jan 01, 2026
Source: NVD
CVE-2025-69203 HIGH - 8.8

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against adminis...

Vendor: signalk
Product: signal_k_server
Published: Jan 01, 2026
Source: NVD
CVE-2025-68619 HIGH - 7.2

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin o...

Vendor: signalk
Product: signal_k_server
Published: Jan 01, 2026
Source: NVD
CVE-2025-55065 HIGH - 7.5

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Published: Jan 01, 2026
Source: NVD
CVE-2026-21428 HIGH - 7.5

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to...

Vendor: yhirose
Product: cpp-httplib
Published: Jan 01, 2026
Source: NVD
CVE-2025-68272 HIGH - 7.5

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "...

Vendor: signalk
Product: signal_k_server
Published: Jan 01, 2026
Source: NVD
CVE-2025-66398 HIGH - 8.8

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's...

Vendor: signalk
Product: signal_k_server
Published: Jan 01, 2026
Source: NVD
CVE-2025-48769 HIGH - 8.1

Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due to recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in spe...

Vendor: apache
Product: nuttx
Published: Jan 01, 2026
Source: NVD
CVE-2025-47411 HIGH - 8.1

A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over ...

Vendor: apache
Product: streampipes
Published: Jan 01, 2026
Source: NVD
CVE-2025-15406 HIGH - 8.8

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vendor: phpgurukul
Product: online_course_registration
Published: Jan 01, 2026
Source: NVD