Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,529
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,381 - 1,400 of 1,593 CVEs
CVE-2026-2618 LOW - 3.7

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitabili...

Vendor: beetel
Product: 777vr1_firmware
Published: Feb 17, 2026
Source: NVD

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.

Vendor: phpgurukul
Product: gym_management_system
Published: Feb 17, 2026
Source: NVD
CVE-2026-2557 LOW - 3.5

A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and ma...

Vendor: cskefu
Product: cskefu
Published: Feb 16, 2026
Source: NVD

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

Vendor: Mattermost
Product: Mattermost
Published: Feb 16, 2026
Source: NVD
CVE-2026-2547 LOW - 3.5

A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and ...

Vendor: ligerosmart
Product: ligerosmart
Published: Feb 16, 2026
Source: NVD
CVE-2026-2546 LOW - 3.5

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may...

Vendor: ligerosmart
Product: ligerosmart
Published: Feb 16, 2026
Source: NVD
CVE-2026-2545 LOW - 3.5

A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the pub...

Vendor: ligerosmart
Product: ligerosmart
Published: Feb 16, 2026
Source: NVD
CVE-2026-2543 LOW - 2.7

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The ...

Published: Feb 16, 2026
Source: NVD

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549

Vendor: Mattermost
Product: Mattermost
Published: Feb 13, 2026
Source: NVD

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.

Vendor: go
Product: github.com/neuvector/scanner
Published: Feb 12, 2026
Source: GitHub
CVE-2026-2391 LOW - 3.7

### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6...

Vendor: npm
Product: qs
Published: Feb 12, 2026
Source: NVD

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.

Vendor: Apple
Product: macOS
Published: Feb 11, 2026
Source: NVD

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to intercept ...

Vendor: Apple
Product: macOS, watchOS, visionOS, iOS and iPadOS, tvOS
Published: Feb 11, 2026
Source: NVD

The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps.

Vendor: Apple
Product: iOS and iPadOS
Published: Feb 11, 2026
Source: NVD

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.

Vendor: Apple
Product: Safari, macOS, iOS and iPadOS
Published: Feb 11, 2026
Source: NVD

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.

Vendor: Apple
Product: macOS
Published: Feb 11, 2026
Source: NVD

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.

Vendor: Apple
Product: iOS and iPadOS
Published: Feb 11, 2026
Source: NVD

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.

Vendor: Apple
Product: macOS
Published: Feb 11, 2026
Source: NVD
CVE-2026-2345 LOW - 3.6

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based ...

Published: Feb 11, 2026
Source: NVD
CVE-2026-1282 LOW - 3.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD