Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,855
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,101 - 12,120 of 13,433 CVEs
CVE-2025-65886 HIGH - 7.5

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.

Vendor: oneflow
Product: oneflow
Published: Jan 28, 2026
Source: NVD
CVE-2025-13917 HIGH - 7.0

WSS Agent, prior to 9.8.5, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Vendor: Broadcom
Product: Symantec Web Security Services Agent
Published: Jan 28, 2026
Source: NVD
CVE-2025-58150 HIGH - 8.8

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

Vendor: Xen
Product: Xen
Published: Jan 28, 2026
Source: NVD
CVE-2020-36992 HIGH - 7.8

Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permission...

Vendor: nordvpn
Product: nordvpn
Published: Jan 28, 2026
Source: NVD
CVE-2020-36991 HIGH - 7.8

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain eleva...

Vendor: Sharemouse
Product: ShareMouse
Published: Jan 28, 2026
Source: NVD
CVE-2020-36990 HIGH - 7.8

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSy...

Vendor: Inputdirector
Product: Input Director
Published: Jan 28, 2026
Source: NVD
CVE-2020-36989 HIGH - 7.8

ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute wit...

Vendor: Forensit
Product: ForensiTAppxService
Published: Jan 28, 2026
Source: NVD
CVE-2020-36987 HIGH - 7.8

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem p...

Vendor: Gearboxcomputers
Product: Program Access Controller
Published: Jan 28, 2026
Source: NVD
CVE-2020-36986 HIGH - 7.8

Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.

Vendor: Preyproject
Product: Prey
Published: Jan 28, 2026
Source: NVD
CVE-2020-36985 HIGH - 7.8

IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges du...

Vendor: Gearboxcomputers
Product: IP Watcher
Published: Jan 28, 2026
Source: NVD
CVE-2020-36984 HIGH - 7.8

EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables ...

Vendor: Epson
Product: EPSON
Published: Jan 28, 2026
Source: NVD
CVE-2026-1280 HIGH - 7.5

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploa...

Published: Jan 28, 2026
Source: NVD
CVE-2026-0844 HIGH - 8.8

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscri...

Published: Jan 28, 2026
Source: NVD
CVE-2025-14386 HIGH - 8.8

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2...

Vendor: shahrukhlinkgraph
Product: Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Published: Jan 28, 2026
Source: NVD
CVE-2026-1400 HIGH - 7.2

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attac...

Published: Jan 28, 2026
Source: NVD
CVE-2026-0702 HIGH - 7.5

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

Published: Jan 28, 2026
Source: NVD
CVE-2025-40537 HIGH - 7.5

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

Vendor: SolarWinds
Product: Web Help Desk
Published: Jan 28, 2026
Source: NVD
CVE-2025-40536 HIGH - 8.1

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Vendor: SolarWinds
Product: Web Help Desk
Published: Jan 28, 2026
Source: NVD
CVE-2026-0832 HIGH - 7.3

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user a...

Published: Jan 28, 2026
Source: NVD
CVE-2025-14610 HIGH - 7.2

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for aut...

Vendor: bloompixel
Product: TableMaster for Elementor – Advanced Responsive Tables for Elementor
Published: Jan 28, 2026
Source: NVD