Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,525
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,481 - 1,500 of 1,593 CVEs
CVE-2026-1700 LOW - 3.5

A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made av...

Published: Jan 30, 2026
Source: NVD

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In `packages/core/src/config/auth/native-authentication-strate...

Vendor: vendurehq
Product: vendure
Published: Jan 30, 2026
Source: NVD
CVE-2026-1685 LOW - 3.7

A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. This attack is characterized by high com...

Published: Jan 30, 2026
Source: NVD

Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.

Vendor: llamastack
Product: Llama Stack
Published: Jan 30, 2026
Source: NVD

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $(cmd) could execute ...

Vendor: MoonshotAI
Product: kimi-agent-sdk
Published: Jan 29, 2026
Source: NVD

Tanium addressed an improper access controls vulnerability in Interact.

Vendor: Tanium
Product: Interact
Published: Jan 29, 2026
Source: NVD
CVE-2026-1598 LOW - 3.5

A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information Module. Performing a manipulation of the argument fullname results in cross site scripting. It is p...

Published: Jan 29, 2026
Source: NVD
CVE-2026-1588 LOW - 2.7

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It is...

Published: Jan 29, 2026
Source: NVD

Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.

Vendor: Brother Industries, Ltd., Konica Minolta, Inc., Ricoh Company, Ltd.
Product: Multiple MFPs
Published: Jan 29, 2026
Source: NVD
CVE-2026-1532 LOW - 2.4

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the local ...

Published: Jan 28, 2026
Source: NVD

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running...

Vendor: Xen
Product: Xen
Published: Jan 28, 2026
Source: NVD
CVE-2026-1520 LOW - 2.4

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. ...

Published: Jan 28, 2026
Source: NVD

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or ...

Vendor: go
Product: github.com/juju/juju
Published: Jan 28, 2026
Source: NVD

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Vendor: GnuPG
Product: GnuPG
Published: Jan 27, 2026
Source: NVD

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configurati...

Vendor: OISF
Product: suricata
Published: Jan 27, 2026
Source: NVD

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

Vendor: ixray-team
Product: ixray-1.6-stcop
Published: Jan 27, 2026
Source: NVD
CVE-2026-1485 LOW - 2.8

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exp...

Published: Jan 27, 2026
Source: NVD
CVE-2026-1444 LOW - 2.4

A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. ...

Published: Jan 26, 2026
Source: NVD
CVE-2026-1190 LOW - 3.1

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of S...

Vendor: maven
Product: org.keycloak:keycloak-services
Published: Jan 26, 2026
Source: NVD
CVE-2025-9615 LOW - 3.3

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added...

Published: Jan 26, 2026
Source: NVD