CVEs (59,162, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 151–175 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-25725 | CRITICAL | Patched | 10.0 | 2026-02-06 | Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configurat… |
| CVE-2025-68121 | CRITICAL | Patched | 10.0 | 2026-02-05 | During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the r… |
| CVE-2025-59818 | CRITICAL | Patched | 10.0 | 2026-02-04 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. |
| CVE-2026-1633 | CRITICAL | | 10.0 | 2026-02-04 | The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify … |
| CVE-2025-10878 | CRITICAL | Patched | 10.0 | 2026-02-03 | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to … |
| CVE-2025-70841 | CRITICAL | | 10.0 | 2026-02-03 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /s… |
| CVE-2026-25142 | CRITICAL | Patched | 10.0 | 2026-02-02 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be use… |
| CVE-2026-1699 | CRITICAL | Patched | 10.0 | 2026-01-30 | In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrust… |
| CVE-2026-24729 | NONE | Patched | — | 2026-01-30 | An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to e… |
| CVE-2026-24054 | CRITICAL | Patched | 10.0 | 2026-01-29 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.2… |
| CVE-2026-24897 | CRITICAL | Patched | 10.0 | 2026-01-28 | Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified locat… |
| CVE-2025-57792 | CRITICAL | Patched | 10.0 | 2026-01-28 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker ca… |
| CVE-2026-23830 | CRITICAL | Patched | 10.0 | 2026-01-28 | SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. T… |
| CVE-2025-14988 | NONE | | — | 2026-01-27 | A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integ… |
| CVE-2026-24871 | NONE | Patched | — | 2026-01-27 | Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Manage. This issue affects Minecraft-Rcon-Manage: before 3.0. |
| CVE-2026-24826 | NONE | | — | 2026-01-27 | Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This … |
| CVE-2026-24823 | NONE | | — | 2026-01-27 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/P… |
| CVE-2026-24816 | NONE | | — | 2026-01-27 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulne… |
| CVE-2026-24822 | NONE | | — | 2026-01-27 | Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issu… |
| CVE-2026-24810 | NONE | | — | 2026-01-27 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files c… |
| CVE-2026-24814 | NONE | Patched | — | 2026-01-27 | Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C. This issue affec… |
| CVE-2026-24815 | NONE | | — | 2026-01-27 | Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl … |
| CVE-2026-24800 | NONE | | — | 2026-01-27 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is… |
| CVE-2025-4320 | CRITICAL | | 10.0 | 2026-01-23 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam a… |
| CVE-2025-69828 | CRITICAL | | 10.0 | 2026-01-22 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Cu… |