Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Friday's vulnerability disclosures include 18 critical and 100 high-priority CVEs, with Microsoft Windows and Office accounting for multiple actively exploited flaws. Critical counts rose 13% from the prior day while high-priority volume held steady. Notable critical disclosures include CVE-2026-26216 (CVSS 10.0, Docker API deployment), CVE-2026-1729 and CVE-2025-14892 (both CVSS 9.8, WordPress), and CVE-2026-26218 (CVSS 9.8, newbee-mall). SmarterTools SmarterMail appears in three separate actively exploited vulnerabilities, and Microsoft products span six KEV entries covering Windows and Office components. No patches are currently available for disclosed vulnerabilities, requiring defenders to prioritize compensating controls and network segmentation.
CVE-2026-26216 rated CVSS 10.0 affecting Docker API deployment â highest severity disclosure this cycle
18 critical CVEs disclosed, up 13% from prior day's 16; 100 high-priority CVEs unchanged
Microsoft products dominate active exploitation with 6 KEV entries across Windows and Office
SmarterTools SmarterMail has 3 actively exploited vulnerabilities (CVE-2025-52691, CVE-2026-23760, CVE-2026-24423)
0% patch availability across all 118 disclosed CVEs â compensating controls required
20 actively exploited vulnerabilities confirmed, up 18% from prior day's 17
Immediate action: Prioritize compensating controls for Microsoft Windows, Microsoft Office, and SmarterTools SmarterMail environments given multiple actively exploited vulnerabilities with no patches currently available. Apply network segmentation and restrict access to Docker API, WordPress, and FreePBX instances until vendor patches are released.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-40536
9.5
SolarWindsWeb Help Desk
â° Federal Deadline:February 14, 2026(2 days remaining)
SolarWinds Web Help Desk Security Control Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2018-14634
9.5đ Late Disclosure
LinuxKernal
â° Federal Deadline:February 15, 2026(3 days remaining)
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-52691
9.5đ
SmarterToolsSmarterMail
â° Federal Deadline:February 15, 2026(3 days remaining)
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-23760
9.5
SmarterToolsSmarterMail
â° Federal Deadline:February 15, 2026(3 days remaining)
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-24061
9.5đ
GNUInetUtils
â° Federal Deadline:February 15, 2026(3 days remaining)
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21509
9.5đ
MicrosoftOffice
â° Federal Deadline:February 15, 2026(3 days remaining)
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-39935
9.5đ Late Disclosure
GitLabCommunity and Enterprise Editions
â° Federal Deadline:February 23, 2026(11 days remaining)
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-64328
9.5
SangomaFreePBX
â° Federal Deadline:February 23, 2026(11 days remaining)
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2019-19006
9.5đ Late Disclosure
SangomaFreePBX
â° Federal Deadline:February 23, 2026(11 days remaining)
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-11953
9.5đ
React Native CommunityCLI
â° Federal Deadline:February 25, 2026(13 days remaining)
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-24423
9.5
SmarterToolsSmarterMail
â° Federal Deadline:February 25, 2026(13 days remaining)
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21513
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(18 days remaining)
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21525
9.5
MicrosoftWindows
â° Federal Deadline:March 2, 2026(18 days remaining)
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21510
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(18 days remaining)
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21533
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(18 days remaining)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21519
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(18 days remaining)
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21514
9.5đ
MicrosoftOffice
â° Federal Deadline:March 2, 2026(18 days remaining)
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-43468
9.5đ Late Disclosure
MicrosoftConfiguration Manager
â° Federal Deadline:March 4, 2026(20 days remaining)
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-15556
9.5
Notepad++Notepad++
â° Federal Deadline:March 4, 2026(20 days remaining)
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2019-25337
9.8đ Late Disclosure
Archparameter to
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-26216
10đ
DockerAPI deployment
Crawl4AI versions prior to 0.8.0 allow unauthenticated remote code execution via the `/crawl` endpoint by exploiting the `hooks` parameter to import arbitrary Python modules.
CVSS Base10
â
CRSSelect profile
CVE-2026-26219
9.1đ
LGnewbee-mall
The newbee-mall application uses unsalted MD5 hashing for password storage, allowing attackers who obtain the database to rapidly recover plaintext credentials via offline attacks.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-69634
9đ
HPDolibarr ERP & CRM
A Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr ERP & CRM v.22.0.9 allows remote attackers to escalate privileges by manipulating the notes field in perms.php.
CVSS Base9
â
CRSSelect profile
CVE-2026-1729
9.8đ
WordPressis vulnerable
The AdForest WordPress theme (<= 6.0.12) is vulnerable to authentication bypass via the sb_login_user_with_otp_fun function, allowing attackers to log in as any user, including admins.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14892
9.8đ
WordPressplugin through
The Prime Listing Manager plugin for WordPress contains a hardcoded secret that allows unauthenticated attackers to gain administrative access to the targeted website.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-26218
9.8đ
newbee-mallnewbee-mall
The newbee-mall application utilizes pre-seeded administrator accounts with predictable default passwords, allowing unauthenticated attackers to gain full administrative control upon deployment.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25327
9.8đđ Late Disclosure
Prime95Prime95
Prime95 version 29.8 build 6 contains a buffer overflow in the user ID and proxy host fields, allowing remote attackers to execute arbitrary code and establish a bind shell.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25319
9.8đđ Late Disclosure
Domain QuesterDomain Quester Pro
Domain Quester Pro 6.02 is vulnerable to a stack-based buffer overflow via the 'Domain Name Keywords' field, allowing remote attackers to execute arbitrary code by overwriting SEH registers.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25321
9.8đđ Late Disclosure
FTP NavigatorFTP Navigator
FTP Navigator 8.03 is vulnerable to a stack-based buffer overflow via the Custom Command textbox, enabling remote code execution through the overwriting of SEH registers.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-1358
9.8đ
Airleader MasterAirleader Master
Airleader Master versions 6.381 and prior allow unauthenticated users to perform unrestricted file uploads to high-privilege webpages, potentially leading to remote code execution.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10969
9.8đ
Farktor SoftwareE-Commerce Package
Farktor Software E-Commerce Package is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions through 27112025.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-70981
9.8đ
CordysCRMCordysCRM
CordysCRM 1.4.1 contains an SQL Injection vulnerability in the employee list query interface (/user/list) via the 'departmentIds' parameter.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-70314
9.8đ
webfsdwebfsd
webfsd 1.21 is vulnerable to a buffer overflow through the 'filename' variable in crafted requests, potentially allowing remote attackers to execute arbitrary code.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14014
9.8
InforMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Panel: before 20251215.
CVSS Base9.8
â
CRSSelect profile
CVE-2020-37167
9.8đ Late Disclosure
function nameMultiple Products
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15573
9.4đ
SolaXSolaX Cloud MQTTS
SolaX devices fail to validate server certificates when connecting to the MQTTS server, enabling Man-in-the-Middle (MITM) attackers to intercept traffic and issue unauthorized commands.
CVSS Base9.4
â
CRSSelect profile
CVE-2026-25227
9.1đ
authentikauthentik
A privilege escalation vulnerability in authentik allows authenticated users with specific viewing permissions to execute arbitrary code via the property mapping/policy test endpoint.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
â ī¸ CISA KEV
CVE-2026-20700
7.8đ
Appleis aware
â° Federal Deadline:March 4, 2026(20 days remaining)
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
CVSS Base7.8
â
CRSSelect profile
CVE-2026-2005
8.8
PostgreSQLpgcrypto allows
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database
CVSS Base8.8
â
CRSSelect profile
CVE-2026-0910
8.8
WordPressis vulnerable
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2007
8.2
PostgreSQLpg
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string
CVSS Base8.2
â
CRSSelect profile
CVE-2026-2004
8.8
PostgreSQLintarray extension
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2006
8.8
PostgreSQLtext manipulation
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun
CVSS Base8.8
â
CRSSelect profile
CVE-2026-23856
7.8
DellMultiple Products
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6
CVSS Base7.8
â
CRSSelect profile
CVE-2026-2313
8.8
GoogleChrome prior
Use after free in CSS in Google Chrome prior to 145
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2314
8.8
GoogleChrome prior
Heap buffer overflow in Codecs in Google Chrome prior to 145
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2315
8.8
GoogleChrome prior
Inappropriate implementation in WebGPU in Google Chrome prior to 145
CVSS Base8.8
â
CRSSelect profile
CVE-2026-1104
8.8
WordPressMigration
The FastDup â Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2319
7.5
GoogleChrome prior
Race in DevTools in Google Chrome prior to 145
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15096
8.8
WordPressis vulnerable
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26217
8.6
DockerAPI deployment
Crawl4AI versions prior to 0
CVSS Base8.6
â
CRSSelect profile
CVE-2025-61880
8.8
NIOSMultiple Products
In Infoblox NIOS through 9
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26056
8.8
Kubernetesresources or
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25307
7.8đ Late Disclosure
WindowsMultiple Products
WorkgroupMail 7
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61879
7.7
NIOSMultiple Products
In Infoblox NIOS through 9
CVSS Base7.7
â
CRSSelect profile
CVE-2020-37175
7.5đ Late Disclosure
forMultiple Products
P2PWIFICAM2 for iOS 10
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37190
7.5đ Late Disclosure
PasswordMultiple Products
Top Password Firefox Password Recovery 2
CVSS Base7.5
â
CRSSelect profile
CVE-2026-23857
8.2
DellUpdate Package
Dell Update Package (DUP) Framework, versions 23
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25325
8.2đ Late Disclosure
HPendpoint that
Thrive Smart Home 1
CVSS Base8.2
â
CRSSelect profile
CVE-2026-2361
8
PostgreSQLAnonymizer contains
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code
CVSS Base8
â
CRSSelect profile
CVE-2020-37173
7.5đ Late Disclosure
HPendpoint
AVideo Platform 8
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25345
7.8đ Late Disclosure
CodecIIS Codec
Realtek IIS Codec Service 6
CVSS Base7.8
â
CRSSelect profile
CVE-2020-37196
7.5đ Late Disclosure
ArchSoftware contains
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37197
7.5đ Late Disclosure
ArchSoftware contains
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field
CVSS Base7.5
â
CRSSelect profile
CVE-2026-2360
8
ArchMultiple Products
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator
CVSS Base8
â
CRSSelect profile
CVE-2025-48725
8.1
QNAPoperating system
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions
CVSS Base8.1
â
CRSSelect profile
CVE-2025-48503
7.8
AMDSoftware Installer
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution
CVSS Base7.8
â
CRSSelect profile
CVE-2024-36324
8.8đ Late Disclosure
AMDGraphics Driver
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution
CVSS Base8.8
â
CRSSelect profile
CVE-2026-0969
8.8
UnknownMultiple Products
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7659
8
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base8
â
CRSSelect profile
CVE-2026-25676
7.8
Archpath
The installer of M-Track Duo HD version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-8099
7.5
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10
CVSS Base7.5
â
CRSSelect profile
CVE-2026-0958
7.5
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25309
7.8đ Late Disclosure
ConsoleMultiple Products
Zilab Remote Console Server 3
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25343
7.8đ Late Disclosure
NextVPNMultiple Products
NextVPN 4
CVSS Base7.8
â
CRSSelect profile
CVE-2025-65127
7.5
InforMultiple Products
A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37182
7.5đ Late Disclosure
doproxyconnectMultiple Products
Redir 3
CVSS Base7.5
â
CRSSelect profile
CVE-2025-48723
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-48724
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-52868
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-52869
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-52870
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-57709
8.1
followingMultiple Products
A buffer overflow vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-30276
8.8
followingMultiple Products
An out-of-bounds write vulnerability has been reported to affect Qsync Central
CVSS Base8.8
â
CRSSelect profile
CVE-2025-57707
8.8
FileMultiple Products
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5
CVSS Base8.8
â
CRSSelect profile
CVE-2025-65480
8.8
UnisonMultiple Products
An issue was discovered in Pacom Unison Client 5
CVSS Base8.8
â
CRSSelect profile
CVE-2024-50620
8.8đ Late Disclosure
CIPAceMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9
CVSS Base8.8
â
CRSSelect profile
CVE-2024-50619
8.8đ Late Disclosure
CIPAceMultiple Products
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9
CVSS Base8.8
â
CRSSelect profile
CVE-2026-20667
8.8
UnknownMultiple Products
A logic issue was addressed with improved checks
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26234
8.8
VisuMultiple Products
JUNG Smart Visu Server 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25922
8.8
UnknownMultiple Products
authentik is an open-source identity provider
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25318
8.8đ Late Disclosure
AudioMultiple Products
AVS Audio Converter 9
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25108
8.8
UnknownMultiple Products
FileZen contains an OS command injection vulnerability
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25759
8.7
contentMultiple Products
Statmatic is a Laravel and Git powered content management system (CMS)
CVSS Base8.7
â
CRSSelect profile
CVE-2026-25748
8.6
UnknownMultiple Products
authentik is an open-source identity provider
CVSS Base8.6
â
CRSSelect profile
CVE-2026-25924
8.4
KanboardMultiple Products
Kanboard is project management software focused on Kanban methodology
CVSS Base8.4
â
CRSSelect profile
CVE-2025-54756
8.4
InforMultiple Products
BrightSign players running BrightSign OS series 4 prior to v8
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25331
8.4đ Late Disclosure
AudioMultiple Products
AVS Audio Converter 9
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25332
8.4đ Late Disclosure
CommanderMultiple Products
FTP Commander Pro 8
CVSS Base8.4
â
CRSSelect profile
CVE-2019-25336
8.4đ Late Disclosure
Base64Multiple Products
SpotAuditor 5
CVSS Base8.4
â
CRSSelect profile
CVE-2025-10174
8.3
Pan SoftwareMultiple Products
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd
CVSS Base8.3
â
CRSSelect profile
CVE-2025-13002
8.2
Farktor SoftwareMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc
CVSS Base8.2
â
CRSSelect profile
CVE-2025-30269
8.1
followingMultiple Products
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central
CVSS Base8.1
â
CRSSelect profile
CVE-2025-69871
8.1
UnknownMultiple Products
A race condition vulnerability exists in MedusaJS Medusa v2
CVSS Base8.1
â
CRSSelect profile
CVE-2024-56808
7.8đ Late Disclosure
followingMultiple Products
A command injection vulnerability has been reported to affect Media Streaming add-on
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25306
7.8đ Late Disclosure
FTPMultiple Products
BlackMoon FTP Server 3
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25308
7.8đ Late Disclosure
MikogoMultiple Products
Mikogo 5
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25310
7.8đ Late Disclosure
ActiveFaxMultiple Products
ActiveFax Server 6
CVSS Base7.8
â
CRSSelect profile
CVE-2025-70083
7.8
UnknownMultiple Products
An issue was discovered in OpenSatKit 2
CVSS Base7.8
â
CRSSelect profile
CVE-2026-20610
7.8
UnknownMultiple Products
This issue was addressed with improved handling of symlinks
CVSS Base7.8
â
CRSSelect profile
CVE-2026-20626
7.8
UnknownMultiple Products
This issue was addressed with improved checks
CVSS Base7.8
â
CRSSelect profile
CVE-2025-63421
7.8
UnknownMultiple Products
An issue in filosoft Comerc
CVSS Base7.8
â
CRSSelect profile
CVE-2019-25344
7.8đ Late Disclosure
WondershareMultiple Products
Wondershare MobileGo 8
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64487
7.6
UnknownMultiple Products
Outline is a service that allows for collaborative documentation
CVSS Base7.6
â
CRSSelect profile
CVE-2026-26010
7.6
UnknownMultiple Products
OpenMetadata is a unified metadata platform
CVSS Base7.6
â
CRSSelect profile
CVE-2025-57713
7.5
FileMultiple Products
A weak authentication vulnerability has been reported to affect File Station 5
CVSS Base7.5
â
CRSSelect profile
CVE-2026-2250
7.5
UnknownMultiple Products
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication
CVSS Base7.5
â
CRSSelect profile
CVE-2025-70029
7.5
InforMultiple Products
An issue in Sunbird-Ed SunbirdEd-portal v1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-70084
7.5
OpenSatKitMultiple Products
Directory traversal vulnerability in OpenSatKit 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-69873
7.5
throughMultiple Products
ajv (Another JSON Schema Validator) through version 8