Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,561 - 14,580 of 14,876 CVEs
CVE-2026-21851 MEDIUM - 5.3

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, whi...

Published: Jan 07, 2026
Source: NVD
CVE-2025-62224 MEDIUM - 5.5

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.

Published: Jan 07, 2026
Source: NVD
CVE-2023-7333 MEDIUM - 5.3

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patc...

Published: Jan 07, 2026
Source: NVD
CVE-2026-21691 MEDIUM - 6.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTag:IsTypeCompressed()`. This vulnerability affects user...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21690 MEDIUM - 6.3

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagData::ToXml()`. This vulnerability affects user...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21689 MEDIUM - 6.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfil...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-22188 MEDIUM - 5.5

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a lar...

Vendor: cmu
Product: panda3d
Published: Jan 07, 2026
Source: NVD
CVE-2025-69255 MEDIUM - 4.0

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics ...

Vendor: rustfs
Product: rustfs
Published: Jan 07, 2026
Source: NVD
CVE-2025-69221 MEDIUM - 4.3

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuration...

Vendor: librechat
Product: librechat
Published: Jan 07, 2026
Source: NVD
CVE-2025-69220 MEDIUM - 5.9

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the ...

Vendor: librechat
Product: librechat
Published: Jan 07, 2026
Source: NVD
CVE-2025-64305 MEDIUM - 6.5

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.

Published: Jan 07, 2026
Source: NVD
CVE-2025-61939 MEDIUM - 4.4

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker control...

Vendor: columbiaweather
Product: weather_microserver_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2026-0670 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.

Published: Jan 07, 2026
Source: NVD
CVE-2026-21506 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been p...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21503 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in ve...

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21502 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21499 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21498 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21497 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD
CVE-2026-21496 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 07, 2026
Source: NVD