| CVE-2025-5329 | SQLi in Martcode Software's Delta Course Automation | 04.02.2026 | 9.8 |
| CVE-2025-59818 | Authenticated Remote Code Execution via the file name of an uploaded file | 04.02.2026 | 10 |
| CVE-2026-1633 | Synectix LAN 232 TRIO Missing Authentication for Critical Function | 03.02.2026 | 10 |
| CVE-2026-1632 | RISS SRL MOMA Seismic Station Missing Authentication for Critical Function | 03.02.2026 | 9.3 |
| CVE-2020-37071 | CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution | 03.02.2026 | 9.3 |
| CVE-2020-37092 | Netis E1+ 1.2.32533 - Backdoor Account (root) | 03.02.2026 | 9.3 |
| CVE-2026-1341 | Missing Authentication for Critical Function in Avation Light Engine Pro | 03.02.2026 | 9.3 |
| CVE-2026-25150 | Prototype Pollution via FormData Processing in Qwik City | 03.02.2026 | 9.3 |
| CVE-2026-25510 | CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor | 03.02.2026 | 10 |
| CVE-2025-65078 | Untrusted search path vulnerability in Embedded Solutions Framework | 03.02.2026 | 9.3 |
| CVE-2026-1803 | Ziroom ZHOME A0101 Dropbear SSH Service default credentials | 03.02.2026 | 9.2 |
| CVE-2025-10878 | | 03.02.2026 | 10 |
| CVE-2026-25237 | PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails | 03.02.2026 | 9.2 |
| CVE-2026-25238 | PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation | 03.02.2026 | 9.2 |
| CVE-2026-25241 | PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint | 03.02.2026 | 9.3 |
| CVE-2025-70841 | | 03.02.2026 | 10 |
| CVE-2026-1568 | Rapid7 InsightVM Signature Validation Vulnerability | 04.02.2026 | 9.6 |
| CVE-2025-5319 | SQLi in Emit Informatics' DIGITA Efficiency Management System | 04.02.2026 | 9.8 |
| CVE-2026-1432 | SQL injection (SQLi) on the Buroweb platform | 03.02.2026 | 9.3 |
| CVE-2026-24465 | | 03.02.2026 | 9.3 |
| CVE-2026-24936 | An improper input validation vulnerability was found in ADM while joining an AD Domain. | 03.02.2026 | 9.5 |
| CVE-2025-66480 | Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction | 03.02.2026 | 9.8 |
| CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | 03.02.2026 | 9.8 |
| CVE-2026-23515 | RCE - Command Injection in Signal K set-system-time plugin | 03.02.2026 | 10 |
| CVE-2026-24471 | Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy') | 03.02.2026 | 9.3 |
| CVE-2026-25134 | Group-Office Argument Injection in MaintenanceController::actionZipLanguage | 02.02.2026 | 9.4 |
| CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration | 02.02.2026 | 9.1 |
| CVE-2026-25142 | SandboxJS Prototype Pollution -> Sandbox Escape -> RCE | 02.02.2026 | 10 |
| CVE-2022-50981 | Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements | 02.02.2026 | 9.8 |
| CVE-2024-2356 | Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui | 02.02.2026 | 9.6 |
| CVE-2024-5386 | Account Hijacking via Password Reset Token Leak in lunary-ai/lunary | 02.02.2026 | 9.6 |
| CVE-2024-5986 | Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3 | 02.02.2026 | 9.1 |
| CVE-2026-25200 | | 03.02.2026 | 9.8 |
| CVE-2026-25202 | | 03.02.2026 | 9.8 |
| CVE-2026-25069 | SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion | 02.02.2026 | 9.3 |
| CVE-2020-37027 | Sickbeard 0.1 - Remote Command Injection | 03.02.2026 | 9.3 |
| CVE-2020-37052 | AirControl 1.4.2 - PreAuth Remote Code Execution | 02.02.2026 | 9.3 |
| CVE-2026-1723 | TOTOLINK X6000R Unauthenticated Command Injection Vulnerability | 04.02.2026 | 9.2 |
| CVE-2025-24293 | | 02.02.2026 | 9.2 |
| CVE-2026-25130 | Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool | 02.02.2026 | 9.7 |
| CVE-2026-25141 | Orval has a code injection via unsanitized x-enum-descriptions using JS comments | 02.02.2026 | 9.3 |
| CVE-2025-7964 | Zigbee Router Denial of Service | 30.01.2026 | 9.2 |
| CVE-2025-26385 | Metasys product command injection vulnerability could allow remote SQL execution | 30.01.2026 | 9.5 |
| CVE-2026-1699 | | 02.02.2026 | 10 |
| CVE-2026-0963 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller | 02.02.2026 | 9.9 |
| CVE-2026-24728 | Interinfo DreamMaker - Missing Authentication for Critical Function | 30.01.2026 | 9.3 |
| CVE-2026-24729 | Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type | 30.01.2026 | 10 |
| CVE-2026-1281 | | 30.01.2026 | 9.8 |
| CVE-2026-1340 | | 30.01.2026 | 9.8 |
| CVE-2026-25047 | deepHas vulnerable to Prototype Pollution via constructor.prototype | 02.02.2026 | 9.4 |
| CVE-2026-22806 | vCluster Platform's Access Keys Allows Access Beyond Scope | 29.01.2026 | 9.1 |
| CVE-2026-1453 | Missing Authentication for Critical Function in KiloView Encoder Series | 29.01.2026 | 9.3 |
| CVE-2026-1610 | Tenda AX12 Pro V2 Telnet Service hard-coded credentials | 29.01.2026 | 9.2 |
| CVE-2020-37012 | Tea LaTex 1.0 - Remote Code Execution | 29.01.2026 | 9.3 |